Windows Analysis Report
PumpBot.exe

Overview

General Information

Sample name: PumpBot.exe
Analysis ID: 1545732
MD5: 6a0748cef7672d8c10da160a9f9d3e7c
SHA1: 41e707866b91bf5509091b0949fccaa8cbe73908
SHA256: b8cf4fc945a0c0401f6931467f4ddf2f58a017e932a87b3ddaa0bb925ef78231
Tags: exeuser-500mk500
Infos:

Detection

Score: 27
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Found pyInstaller with non standard icon
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info

Classification

Source: PumpBot.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: PumpBot.exe, 00000000.00000003.2130927428.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: PumpBot.exe, 00000000.00000003.2131085002.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.0.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1t 7 Feb 2023built on: Thu Feb 9 15:27:40 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"userSDIR: "C:\Program Files\OpenSSL\lib\users-1_1"not available source: libcrypto-1_1.dll.0.dr
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: PumpBot.exe, 00000000.00000003.2125146329.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000002.2146180642.00007FFDA5471000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: PumpBot.exe, 00000000.00000003.2125741690.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb## source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbMM source: PumpBot.exe, 00000000.00000003.2125894783.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000002.2145981819.00007FFDA372B000.00000002.00000001.01000000.00000007.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-1_1.pdb@@ source: libssl-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python310.pdb source: PumpBot.exe, 00000003.00000002.2145582822.00007FFD9456F000.00000002.00000001.01000000.00000004.sdmp, python310.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: libcrypto-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: PumpBot.exe, 00000000.00000003.2125894783.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000002.2145981819.00007FFDA372B000.00000002.00000001.01000000.00000007.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: PumpBot.exe, 00000000.00000003.2125324165.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000002.2146090661.00007FFDA433D000.00000002.00000001.01000000.00000006.sdmp, _bz2.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: PumpBot.exe, 00000000.00000003.2126036451.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\a\1\b\libcrypto-1_1.pdb source: libcrypto-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: _ssl.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-1_1.pdb source: libssl-1_1.dll.0.dr
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 0_2_00007FF7A0FF6878 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 0_2_00007FF7A0FF6878
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 0_2_00007FF7A1000A34 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 0_2_00007FF7A1000A34
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 0_2_00007FF7A0FE69E0 FindFirstFileExW,FindClose, 0_2_00007FF7A0FE69E0
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 3_2_00007FF7A1000A34 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 3_2_00007FF7A1000A34
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 3_2_00007FF7A0FF6878 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 3_2_00007FF7A0FF6878
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 3_2_00007FF7A0FE69E0 FindFirstFileExW,FindClose, 3_2_00007FF7A0FE69E0
Source: base_library.zip.0.dr String found in binary or memory: http://www.robotstxt.org/norobots-rfc.txt
Source: base_library.zip.0.dr String found in binary or memory: https://mahler:8092/site-updates.py
Source: PumpBot.exe, 00000003.00000002.2145582822.00007FFD9456F000.00000002.00000001.01000000.00000004.sdmp, python310.dll.0.dr String found in binary or memory: https://python.org/dev/peps/pep-0263/
Source: PumpBot.exe, 00000000.00000003.2128335588.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr String found in binary or memory: https://www.openssl.org/H
Source: base_library.zip.0.dr String found in binary or memory: https://www.python.org/
Source: PumpBot.exe, 00000000.00000003.2131474594.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2134741386.0000027396860000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.0.dr String found in binary or memory: https://www.python.org/dev/peps/pep-0205/
Source: PumpBot.exe, 00000003.00000002.2143869403.0000027396000000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.dr String found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: C:\Users\user\Desktop\PumpBot.exe Code function: String function: 00007FF7A0FE1CB0 appears 38 times
Source: C:\Users\user\Desktop\PumpBot.exe Code function: String function: 00007FF7A0FE1C50 appears 90 times
Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: PumpBot.exe, 00000000.00000003.2128335588.0000022791A89000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibsslH vs PumpBot.exe
Source: PumpBot.exe, 00000000.00000003.2126036451.0000022791A89000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs PumpBot.exe
Source: PumpBot.exe, 00000000.00000003.2126768882.0000022791A89000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs PumpBot.exe
Source: PumpBot.exe, 00000000.00000003.2131085002.0000022791A89000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs PumpBot.exe
Source: PumpBot.exe, 00000000.00000003.2125741690.0000022791A89000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs PumpBot.exe
Source: PumpBot.exe, 00000000.00000003.2125324165.0000022791A89000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs PumpBot.exe
Source: PumpBot.exe, 00000000.00000003.2125540722.0000022791A89000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_decimal.pyd. vs PumpBot.exe
Source: PumpBot.exe, 00000000.00000003.2125894783.0000022791A89000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs PumpBot.exe
Source: PumpBot.exe, 00000000.00000003.2130927428.0000022791A89000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs PumpBot.exe
Source: PumpBot.exe, 00000000.00000003.2125146329.0000022791A89000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs PumpBot.exe
Source: PumpBot.exe Binary or memory string: OriginalFilename vs PumpBot.exe
Source: PumpBot.exe, 00000003.00000002.2145922625.00007FFD94678000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenamepython310.dll. vs PumpBot.exe
Source: PumpBot.exe, 00000003.00000002.2146212191.00007FFDA5477000.00000002.00000001.01000000.00000005.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs PumpBot.exe
Source: PumpBot.exe, 00000003.00000002.2146130857.00007FFDA4342000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs PumpBot.exe
Source: PumpBot.exe, 00000003.00000002.2146036278.00007FFDA3734000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs PumpBot.exe
Source: classification engine Classification label: sus27.winEXE@4/14@0/0
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 0_2_00007FF7A0FE6670 GetLastError,FormatMessageW,WideCharToMultiByte, 0_2_00007FF7A0FE6670
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\Desktop\data
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5252:120:WilError_03
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\AppData\Local\Temp\_MEI52482
Source: PumpBot.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\PumpBot.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\PumpBot.exe File read: C:\Users\user\Desktop\PumpBot.exe
Source: unknown Process created: C:\Users\user\Desktop\PumpBot.exe "C:\Users\user\Desktop\PumpBot.exe"
Source: C:\Users\user\Desktop\PumpBot.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\PumpBot.exe Process created: C:\Users\user\Desktop\PumpBot.exe "C:\Users\user\Desktop\PumpBot.exe"
Source: C:\Users\user\Desktop\PumpBot.exe Process created: C:\Users\user\Desktop\PumpBot.exe "C:\Users\user\Desktop\PumpBot.exe"
Source: C:\Users\user\Desktop\PumpBot.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\PumpBot.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\PumpBot.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\PumpBot.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\PumpBot.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\PumpBot.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\PumpBot.exe Section loaded: python3.dll
Source: C:\Users\user\Desktop\PumpBot.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\PumpBot.exe File opened: C:\Users\user\Desktop\pyvenv.cfg
Source: PumpBot.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: PumpBot.exe Static file information: File size 5957263 > 1048576
Source: PumpBot.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: PumpBot.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: PumpBot.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: PumpBot.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: PumpBot.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: PumpBot.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: PumpBot.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: PumpBot.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: PumpBot.exe, 00000000.00000003.2130927428.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: PumpBot.exe, 00000000.00000003.2131085002.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.0.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1t 7 Feb 2023built on: Thu Feb 9 15:27:40 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"userSDIR: "C:\Program Files\OpenSSL\lib\users-1_1"not available source: libcrypto-1_1.dll.0.dr
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: PumpBot.exe, 00000000.00000003.2125146329.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000002.2146180642.00007FFDA5471000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: PumpBot.exe, 00000000.00000003.2125741690.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb## source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbMM source: PumpBot.exe, 00000000.00000003.2125894783.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000002.2145981819.00007FFDA372B000.00000002.00000001.01000000.00000007.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-1_1.pdb@@ source: libssl-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python310.pdb source: PumpBot.exe, 00000003.00000002.2145582822.00007FFD9456F000.00000002.00000001.01000000.00000004.sdmp, python310.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: libcrypto-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: PumpBot.exe, 00000000.00000003.2125894783.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000002.2145981819.00007FFDA372B000.00000002.00000001.01000000.00000007.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: PumpBot.exe, 00000000.00000003.2125324165.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000002.2146090661.00007FFDA433D000.00000002.00000001.01000000.00000006.sdmp, _bz2.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: PumpBot.exe, 00000000.00000003.2126036451.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\a\1\b\libcrypto-1_1.pdb source: libcrypto-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: _ssl.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-1_1.pdb source: libssl-1_1.dll.0.dr
Source: PumpBot.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: PumpBot.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: PumpBot.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: PumpBot.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: PumpBot.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: PumpBot.exe Static PE information: section name: _RDATA
Source: VCRUNTIME140.dll.0.dr Static PE information: section name: _RDATA
Source: libcrypto-1_1.dll.0.dr Static PE information: section name: .00cfg
Source: libssl-1_1.dll.0.dr Static PE information: section name: .00cfg
Source: python310.dll.0.dr Static PE information: section name: PyRuntim

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\PumpBot.exe Process created: "C:\Users\user\Desktop\PumpBot.exe"
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\AppData\Local\Temp\_MEI52482\unicodedata.pyd
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\AppData\Local\Temp\_MEI52482\libcrypto-1_1.dll
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\AppData\Local\Temp\_MEI52482\_decimal.pyd
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\AppData\Local\Temp\_MEI52482\_hashlib.pyd
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\AppData\Local\Temp\_MEI52482\_ssl.pyd
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\AppData\Local\Temp\_MEI52482\_lzma.pyd
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\AppData\Local\Temp\_MEI52482\_bz2.pyd
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\AppData\Local\Temp\_MEI52482\libssl-1_1.dll
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\AppData\Local\Temp\_MEI52482\VCRUNTIME140.dll
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\AppData\Local\Temp\_MEI52482\python310.dll
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\AppData\Local\Temp\_MEI52482\select.pyd
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\AppData\Local\Temp\_MEI52482\_socket.pyd
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 0_2_00007FF7A0FE2F20 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_00007FF7A0FE2F20
Source: C:\Users\user\Desktop\PumpBot.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52482\libcrypto-1_1.dll
Source: C:\Users\user\Desktop\PumpBot.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52482\unicodedata.pyd
Source: C:\Users\user\Desktop\PumpBot.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52482\_decimal.pyd
Source: C:\Users\user\Desktop\PumpBot.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52482\_hashlib.pyd
Source: C:\Users\user\Desktop\PumpBot.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52482\_ssl.pyd
Source: C:\Users\user\Desktop\PumpBot.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52482\_lzma.pyd
Source: C:\Users\user\Desktop\PumpBot.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52482\_bz2.pyd
Source: C:\Users\user\Desktop\PumpBot.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52482\libssl-1_1.dll
Source: C:\Users\user\Desktop\PumpBot.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52482\python310.dll
Source: C:\Users\user\Desktop\PumpBot.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52482\select.pyd
Source: C:\Users\user\Desktop\PumpBot.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52482\_socket.pyd
Source: C:\Users\user\Desktop\PumpBot.exe API coverage: 3.8 %
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 0_2_00007FF7A0FF6878 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 0_2_00007FF7A0FF6878
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 0_2_00007FF7A1000A34 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 0_2_00007FF7A1000A34
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 0_2_00007FF7A0FE69E0 FindFirstFileExW,FindClose, 0_2_00007FF7A0FE69E0
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 3_2_00007FF7A1000A34 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 3_2_00007FF7A1000A34
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 3_2_00007FF7A0FF6878 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 3_2_00007FF7A0FF6878
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 3_2_00007FF7A0FE69E0 FindFirstFileExW,FindClose, 3_2_00007FF7A0FE69E0
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 0_2_00007FF7A0FEAA2C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7A0FEAA2C
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 0_2_00007FF7A1002620 GetProcessHeap, 0_2_00007FF7A1002620
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 0_2_00007FF7A0FEAA2C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7A0FEAA2C
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 0_2_00007FF7A0FEA180 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF7A0FEA180
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 0_2_00007FF7A0FF9C44 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7A0FF9C44
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 0_2_00007FF7A0FEABD4 SetUnhandledExceptionFilter, 0_2_00007FF7A0FEABD4
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 3_2_00007FF7A0FEAA2C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_00007FF7A0FEAA2C
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 3_2_00007FF7A0FEA180 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 3_2_00007FF7A0FEA180
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 3_2_00007FF7A0FF9C44 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_00007FF7A0FF9C44
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 3_2_00007FF7A0FEABD4 SetUnhandledExceptionFilter, 3_2_00007FF7A0FEABD4
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 3_2_00007FFDA37233B0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 3_2_00007FFDA37233B0
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 3_2_00007FFDA3723980 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_00007FFDA3723980
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 3_2_00007FFDA4339F30 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 3_2_00007FFDA4339F30
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 3_2_00007FFDA433A978 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_00007FFDA433A978
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 3_2_00007FFDA547004C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 3_2_00007FFDA547004C
Source: C:\Users\user\Desktop\PumpBot.exe Process created: C:\Users\user\Desktop\PumpBot.exe "C:\Users\user\Desktop\PumpBot.exe"
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 0_2_00007FF7A1008A30 cpuid 0_2_00007FF7A1008A30
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\Desktop\PumpBot.exe VolumeInformation
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482 VolumeInformation
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\Desktop VolumeInformation
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\Desktop\data\.cache_dir\Ai Powered Bot Starter.exe VolumeInformation
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 0_2_00007FF7A0FEA910 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_00007FF7A0FEA910
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 0_2_00007FF7A1004EA0 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation, 0_2_00007FF7A1004EA0
Source: C:\Users\user\Desktop\PumpBot.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
No contacted IP infos