Windows Analysis Report
xSO7sbN2j6.exe

Overview

General Information

Sample name: xSO7sbN2j6.exe
(renamed file extension from none to exe, renamed because original name is a hash value)
Original sample name: 95256b28dfb85f1d5bafdec109950775733d4af82acc0512151639695c57e469
Analysis ID: 1428491
MD5: 5917c8e5a003b2c211150d1f92440f79
SHA1: fc3dfd511d75828c56aec3be55931d42bfbdd96e
SHA256: 95256b28dfb85f1d5bafdec109950775733d4af82acc0512151639695c57e469

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Found pyInstaller with non standard icon
Queries BIOS fan information (via WMI, Win32_Fan, often done to detect virtual machines)
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queries temperature or sensor information (via WMI often done to detect virtual machines)
Queries voltage information (via WMI often done to detect virtual machines)
Tries to detect virtualization through RDTSC time measurements
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to detect virtual machines (SGDT)
Contains functionality to detect virtual machines (SIDT)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: xSO7sbN2j6.exe ReversingLabs: Detection: 15%
Source: xSO7sbN2j6.exe Virustotal: Detection: 16%
Source: xSO7sbN2j6.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2239037297.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\win32net.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2444861222.00007FF8B61C1000.00000040.00000001.01000000.00000014.sdmp
Source: Binary string: C:\Users\c\source\repos\ConsoleApplication2\Release\ConsoleApplication2.pdb source: registers.exe, registers.exe, 0000000A.00000002.2415695027.0000000000261000.00000040.00000001.01000000.00000022.sdmp
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2239773442.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.1.dr
Source: Binary string: C:\A\34\b\bin\amd64\select.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2447521757.00007FF8B9841000.00000040.00000001.01000000.00000012.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_A source: xSO7sbN2j6.exe
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2232435962.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.1.dr
Source: Binary string: ucrtbase.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2445898778.00007FF8B80D5000.00000002.00000001.01000000.00000004.sdmp, ucrtbase.dll.1.dr
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2233416251.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-memory-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2232106594.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-debug-l1-1-0.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\pywintypes.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2445592803.00007FF8B7FF1000.00000040.00000001.01000000.0000000C.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2234782736.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2237358262.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\34\b\bin\amd64\python38.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2443034874.00007FF8A8CCC000.00000040.00000001.01000000.00000005.sdmp
Source: Binary string: C:\Users\c\source\repos\ConsoleApplication2\Release\ConsoleApplication2.pdb%% source: registers.exe, 0000000A.00000002.2415695027.0000000000261000.00000040.00000001.01000000.00000022.sdmp
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2239861973.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\win32security.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2444589477.00007FF8B6191000.00000040.00000001.01000000.00000015.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2232822044.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\34\b\bin\amd64\python3.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2242717820.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2448608318.00007FF8BA4F2000.00000002.00000001.01000000.00000007.sdmp, python3.dll.1.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2235784465.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2234547266.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2236972106.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-environment-l1-1-0.dll.1.dr
Source: Binary string: C:\A\34\b\bin\amd64\_ssl.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2444067430.00007FF8B5711000.00000040.00000001.01000000.00000018.sdmp
Source: Binary string: D:\a01\_work\26\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2230257256.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2448737746.00007FF8BFAD1000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.1.dr
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2232218108.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.1.dr
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdb source: mfc140u.dll.1.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2233738349.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.1.dr
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdbGCTL source: mfc140u.dll.1.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2231807921.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2232341692.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2236165439.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\6\b\libssl-1_1.pdb source: xSO7sbN2j6.exe, xSO7sbN2j6.exe, 00000003.00000002.2442460559.00007FF8A88B4000.00000040.00000001.01000000.00000019.sdmp
Source: Binary string: C:\Users\b\source\repos\ConsoleApplication1\Release\ConsoleApplication1.pdb source: netconn_properties.exe, netconn_properties.exe, 00000007.00000002.2414728783.0000000000A01000.00000040.00000001.01000000.00000021.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2234146122.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.1.dr
Source: Binary string: ucrtbase.pdbUGP source: xSO7sbN2j6.exe, 00000003.00000002.2445898778.00007FF8B80D5000.00000002.00000001.01000000.00000004.sdmp, ucrtbase.dll.1.dr
Source: Binary string: C:\A\34\b\bin\amd64\unicodedata.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2441062409.00007FF8A8195000.00000040.00000001.01000000.0000001E.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2240170760.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a01\_work\26\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2230430431.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2447867332.00007FF8B9F65000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\pythoncom.pdb}},GCTL source: xSO7sbN2j6.exe, 00000003.00000002.2442766857.00007FF8A8901000.00000040.00000001.01000000.0000000E.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: MSVCP140.dll.1.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2232671264.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\34\b\bin\amd64\_bz2.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2447332028.00007FF8B93C1000.00000040.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\A\34\b\bin\amd64\_lzma.pdbMM source: xSO7sbN2j6.exe, 00000003.00000002.2446708944.00007FF8B8F8D000.00000040.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\pywintypes.pdb** source: xSO7sbN2j6.exe, 00000003.00000002.2445592803.00007FF8B7FF1000.00000040.00000001.01000000.0000000C.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdbGCTL source: MSVCP140.dll.1.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2234634320.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.1.dr
Source: Binary string: C:\A\34\b\bin\amd64\_hashlib.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2444302392.00007FF8B6176000.00000040.00000001.01000000.00000016.sdmp
Source: Binary string: C:\A\6\b\libssl-1_1.pdb?? source: xSO7sbN2j6.exe, 00000003.00000002.2442460559.00007FF8A88B4000.00000040.00000001.01000000.00000019.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2233634128.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: xSO7sbN2j6.exe, 00000003.00000002.2441450814.00007FF8A83F8000.00000040.00000001.01000000.00000017.sdmp
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2231902757.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2235950959.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.1.dr
Source: Binary string: C:\A\34\b\bin\amd64\_socket.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2446080851.00007FF8B8251000.00000040.00000001.01000000.00000011.sdmp
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2233290847.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.1.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2239258092.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\34\b\bin\amd64\_ctypes.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2447129812.00007FF8B90E1000.00000040.00000001.01000000.00000008.sdmp
Source: Binary string: C:\A\34\b\bin\amd64\_lzma.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2446708944.00007FF8B8F8D000.00000040.00000001.01000000.0000000B.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2233871695.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.1.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2233543724.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2239479830.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-multibyte-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2240443886.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2234300243.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2235634596.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2234396719.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2232552994.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2239664904.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2233028833.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\pythoncom.pdb source: xSO7sbN2j6.exe, xSO7sbN2j6.exe, 00000003.00000002.2442766857.00007FF8A8901000.00000040.00000001.01000000.0000000E.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1k 25 Mar 2021built on: Tue Apr 6 11:26:02 2021 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: xSO7sbN2j6.exe, 00000003.00000002.2441450814.00007FF8A83F8000.00000040.00000001.01000000.00000017.sdmp
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2232918955.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\34\b\bin\amd64\_queue.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2446511663.00007FF8B8CB1000.00000040.00000001.01000000.0000001B.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\win32api.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2445139659.00007FF8B78A1000.00000040.00000001.01000000.0000000F.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2238777336.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2239987749.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\win32api.pdb!! source: xSO7sbN2j6.exe, 00000003.00000002.2445139659.00007FF8B78A1000.00000040.00000001.01000000.0000000F.sdmp
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 1_2_00007FF73D7B6878 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 1_2_00007FF73D7B6878
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 1_2_00007FF73D7A69E0 FindFirstFileExW,FindClose, 1_2_00007FF73D7A69E0
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 1_2_00007FF73D7C0A34 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 1_2_00007FF73D7C0A34
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF73D7B6878 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 3_2_00007FF73D7B6878
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF73D7C0A34 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 3_2_00007FF73D7C0A34
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF73D7A69E0 FindFirstFileExW,FindClose, 3_2_00007FF73D7A69E0
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF8A81B4480 MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,00007FF8C610F020,FindFirstFileW,FindNextFileW,WideCharToMultiByte, 3_2_00007FF8A81B4480
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\netconn_properties.exe Code function: 7_2_00A0CD11 FindFirstFileExW, 7_2_00A0CD11
Source: xSO7sbN2j6.exe, 00000003.00000002.2439755385.0000021030E90000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.../back.jpeg
Source: xSO7sbN2j6.exe, 00000003.00000002.2436948556.0000021030270000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://193.17.183.14:3000/
Source: xSO7sbN2j6.exe, 00000003.00000003.2254594450.000002102E6DF000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2435457331.000002102E6DF000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2432907096.000002102E6DF000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2431258852.000002102E6DF000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2422307122.000002102E6DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://193.17.183.14:3000/)
Source: xSO7sbN2j6.exe, 00000001.00000003.2230935199.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231419814.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242231546.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2243884643.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231219931.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242552349.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2230779110.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2244516546.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2241515410.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231615557.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242943794.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242054897.000001EB0964A000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242717820.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2230655896.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2230534838.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242054897.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231035454.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231219931.000001EB09649000.00000004.00000020.00020000.00000000.sdmp, python3.dll.1.dr, libssl-1_1.dll.1.dr, unicodedata.pyd.1.dr String found in binary or memory: 
http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: xSO7sbN2j6.exe, 00000001.00000003.2230935199.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231419814.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242231546.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2243884643.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231219931.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242552349.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2230779110.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2244516546.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2241515410.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231615557.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242943794.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242054897.000001EB0964A000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242717820.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2230655896.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2230534838.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242054897.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231035454.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, python3.dll.1.dr, libssl-1_1.dll.1.dr, unicodedata.pyd.1.dr, _ssl.pyd.1.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: xSO7sbN2j6.exe, 00000001.00000003.2230935199.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231419814.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242231546.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2243884643.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231219931.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242552349.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2230779110.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2244516546.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2241515410.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231615557.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242943794.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242717820.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2230655896.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2230534838.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231035454.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231219931.000001EB09649000.00000004.00000020.00020000.00000000.sdmp, python3.dll.1.dr, libssl-1_1.dll.1.dr, unicodedata.pyd.1.dr, _ssl.pyd.1.dr, _lzma.pyd.1.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: xSO7sbN2j6.exe, 00000003.00000002.2439755385.0000021030E90000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: xSO7sbN2j6.exe, 00000003.00000002.2437139354.0000021030370000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://goo.gl/zeJZl
Source: xSO7sbN2j6.exe, 00000003.00000003.2423714607.000002103020C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2422096808.00000210301C9000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2423197574.00000210301C9000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2436577050.0000021030211000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2431934560.000002103020D000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2426840147.000002103021A000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2433468001.000002103020E000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2433810897.0000021030210000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://google.com/
Source: xSO7sbN2j6.exe, 00000003.00000003.2423625603.0000021030163000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2427750884.0000021030164000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2423437104.0000021030111000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2422434748.0000021030111000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://google.com/mail/
Source: xSO7sbN2j6.exe, 00000003.00000003.2426690756.00000210300F3000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2431068921.00000210300FB000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2422434748.0000021030084000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2423437104.0000021030085000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: xSO7sbN2j6.exe, 00000003.00000003.2254594450.000002102E62E000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2433190982.0000021030082000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2422434748.0000021030084000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2432907096.000002102E6DF000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2431258852.000002102E6DF000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2422307122.000002102E6DF000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2428983620.0000021030085000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2423437104.0000021030085000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2433913042.0000021030089000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2422597636.000002103007F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2431770423.0000021030086000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://json.org
Source: xSO7sbN2j6.exe, 00000003.00000002.2437083752.0000021030330000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://mail.python.org/pipermail/python-dev/2012-June/120787.html
Source: xSO7sbN2j6.exe, 00000001.00000003.2230935199.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231419814.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242231546.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2243884643.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231219931.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242552349.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2230779110.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2244516546.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2241515410.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231615557.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242943794.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242054897.000001EB0964A000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242717820.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2230655896.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2230534838.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242054897.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231035454.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231219931.000001EB09649000.00000004.00000020.00020000.00000000.sdmp, python3.dll.1.dr, libssl-1_1.dll.1.dr, unicodedata.pyd.1.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: xSO7sbN2j6.exe, 00000001.00000003.2230935199.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231419814.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242231546.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2243884643.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231219931.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242552349.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2230779110.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2244516546.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2241515410.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231615557.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242943794.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242054897.000001EB0964A000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242717820.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2230655896.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2230534838.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242054897.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231035454.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, python3.dll.1.dr, libssl-1_1.dll.1.dr, unicodedata.pyd.1.dr, _ssl.pyd.1.dr String found in binary or memory: http://ocsp.digicert.com0N
Source: xSO7sbN2j6.exe, 00000001.00000003.2230935199.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231419814.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242231546.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2243884643.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231219931.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242552349.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2230779110.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2244516546.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2241515410.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231615557.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242943794.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242717820.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2230655896.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2230534838.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231035454.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231219931.000001EB09649000.00000004.00000020.00020000.00000000.sdmp, python3.dll.1.dr, libssl-1_1.dll.1.dr, unicodedata.pyd.1.dr, _ssl.pyd.1.dr, _lzma.pyd.1.dr String found in binary or memory: http://ocsp.digicert.com0O
Source: xSO7sbN2j6.exe, 00000001.00000003.2242054897.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.thawte.com0
Source: xSO7sbN2j6.exe, 00000003.00000002.2443034874.00007FF8A8CCC000.00000040.00000001.01000000.00000005.sdmp String found in binary or memory: http://python.org/dev/peps/pep-0263/
Source: xSO7sbN2j6.exe, 00000003.00000002.2436948556.0000021030270000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://timgolden.me.uk/python/wmi.html
Source: xSO7sbN2j6.exe, 00000003.00000002.2439623686.0000021030DC0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: xSO7sbN2j6.exe, 00000001.00000003.2242054897.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: xSO7sbN2j6.exe, 00000001.00000003.2242054897.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: xSO7sbN2j6.exe, 00000001.00000003.2242054897.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: xSO7sbN2j6.exe, 00000003.00000002.2435883667.0000021030070000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
Source: xSO7sbN2j6.exe, 00000001.00000003.2230935199.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231419814.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242231546.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2243884643.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231219931.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242552349.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2230779110.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2244516546.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2241515410.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231615557.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242943794.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242717820.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2230655896.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2230534838.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231035454.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231219931.000001EB09649000.00000004.00000020.00020000.00000000.sdmp, python3.dll.1.dr, libssl-1_1.dll.1.dr, unicodedata.pyd.1.dr, _ssl.pyd.1.dr, _lzma.pyd.1.dr String found in binary or memory: http://www.digicert.com/CPS0
Source: xSO7sbN2j6.exe, 00000003.00000003.2423714607.000002103020C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2422096808.00000210301C9000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2423197574.00000210301C9000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2436577050.0000021030211000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2431934560.000002103020D000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2433468001.000002103020E000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2433810897.0000021030210000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: xSO7sbN2j6.exe, 00000003.00000002.2435883667.0000021030070000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.iana.org/time-zones/repository/tz-link.html
Source: xSO7sbN2j6.exe, 00000003.00000002.2435832830.0000021030030000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.ntcore.com/files/richsign.htm
Source: xSO7sbN2j6.exe, 00000003.00000002.2435832830.0000021030030000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: xSO7sbN2j6.exe, 00000003.00000003.2427260813.00000210306C3000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2420272100.00000210306B1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.python.org/
Source: xSO7sbN2j6.exe, 00000001.00000003.2246060805.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2435780956.000002102FFF0000.00000004.00001000.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2254594450.000002102E62E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.python.org/dev/peps/pep-0205/
Source: xSO7sbN2j6.exe, 00000003.00000002.2435047798.000002102DFB0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.python.org/download/releases/2.3/mro/.
Source: xSO7sbN2j6.exe, 00000003.00000003.2427260813.00000210306C3000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2437767537.00000210306C4000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2420272100.00000210306B1000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2430312247.00000210306C4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://wwwsearch.sf.net/):
Source: xSO7sbN2j6.exe, 00000003.00000002.2437313978.0000021030500000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://auscitte.github.io/systems%20blog/Exception-Directory-pefile#implementation-details
Source: xSO7sbN2j6.exe, 00000003.00000002.2439890285.0000021030F80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://docs.python.org/3/library/socket.html#socket.socket.connect_ex
Source: xSO7sbN2j6.exe, 00000003.00000002.2439352613.0000021030C20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: xSO7sbN2j6.exe, 00000003.00000003.2422096808.00000210301C9000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2425207464.0000021030208000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2423197574.00000210301C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: xSO7sbN2j6.exe, 00000003.00000003.2428147875.000002102E61C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2251857001.000002102DE12000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2431983853.000002102DE25000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2251711442.000002102DE23000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2435267835.000002102E620000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2252362356.000002102DE12000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2434678392.000002102DE25000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2429262032.000002102DE24000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2429012313.000002102DE17000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2251408429.000002102DE12000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2252165282.000002102DE23000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2428839810.000002102DE12000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2422739995.000002102DE12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: xSO7sbN2j6.exe, 00000003.00000002.2437139354.0000021030370000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/giampaolo/psutil/issues/875.
Source: xSO7sbN2j6.exe, 00000001.00000003.2245348776.000001EB0964B000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2243434894.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2245250027.000001EB0964B000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2244843348.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2245348776.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2245250027.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2244989268.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2243739150.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2244711265.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2244711265.000001EB0964B000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2229733855.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2245110481.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2445756170.00007FF8B801B000.00000004.00000001.01000000.0000000C.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2445273022.00007FF8B78CB000.00000004.00000001.01000000.0000000F.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2445053706.00007FF8B61E1000.00000004.00000001.01000000.00000014.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2444783479.00007FF8B61BE000.00000004.00000001.01000000.00000015.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2442979393.00007FF8A89BD000.00000004.00000001.01000000.0000000E.sdmp, win32security.pyd.1.dr, win32trace.pyd.1.dr, win32net.pyd.1.dr, win32api.pyd.1.dr String found in binary or memory: https://github.com/mhammond/pywin32
Source: xSO7sbN2j6.exe, 00000003.00000002.2434833250.000002102DE70000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: xSO7sbN2j6.exe, 00000003.00000003.2422739995.000002102DE12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: xSO7sbN2j6.exe, 00000003.00000003.2428147875.000002102E61C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2251857001.000002102DE12000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2431983853.000002102DE25000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2251711442.000002102DE23000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2435267835.000002102E620000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2252362356.000002102DE12000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2434678392.000002102DE25000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2429262032.000002102DE24000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2429012313.000002102DE17000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2251408429.000002102DE12000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2252165282.000002102DE23000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2428839810.000002102DE12000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2422739995.000002102DE12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: xSO7sbN2j6.exe, 00000003.00000003.2428147875.000002102E61C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2251857001.000002102DE12000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2431983853.000002102DE25000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2251711442.000002102DE23000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2435267835.000002102E620000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2252362356.000002102DE12000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2434678392.000002102DE25000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2429262032.000002102DE24000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2429012313.000002102DE17000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2251408429.000002102DE12000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2252165282.000002102DE23000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2428839810.000002102DE12000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2422739995.000002102DE12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: xSO7sbN2j6.exe, 00000003.00000002.2439352613.0000021030C20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: xSO7sbN2j6.exe, 00000003.00000003.2423714607.000002103020C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2422096808.00000210301C9000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2423197574.00000210301C9000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2433838314.0000021030224000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2431674157.000002103021F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2436577050.0000021030225000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2426840147.000002103021A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: xSO7sbN2j6.exe, 00000003.00000002.2439623686.0000021030DC0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: xSO7sbN2j6.exe, 00000003.00000002.2439623686.0000021030DC0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/urllib3/urllib3/issues/29200
Source: xSO7sbN2j6.exe, 00000003.00000003.2423197574.00000210301C9000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2423367529.0000021030687000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2423290501.000002102E669000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2426840147.000002103021A000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2422877879.0000021030674000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2433603496.000002103068A000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2424521540.000002103068A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://google.com/
Source: xSO7sbN2j6.exe, 00000003.00000003.2423714607.000002103020C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2422096808.00000210301C9000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2423197574.00000210301C9000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2423367529.0000021030687000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2426840147.000002103021A000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2422877879.0000021030674000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2433603496.000002103068A000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2424521540.000002103068A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://google.com/mail
Source: xSO7sbN2j6.exe, 00000003.00000003.2422434748.0000021030111000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://google.com/mail/
Source: xSO7sbN2j6.exe, 00000003.00000003.2423714607.000002103020C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2422096808.00000210301C9000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2423197574.00000210301C9000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2431934560.000002103020D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: xSO7sbN2j6.exe, 00000003.00000003.2423290501.000002102E669000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/
Source: xSO7sbN2j6.exe, 00000003.00000003.2420272100.000002103071B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/get
Source: xSO7sbN2j6.exe, 00000003.00000003.2422877879.0000021030674000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/post
Source: xSO7sbN2j6.exe, 00000003.00000003.2427260813.00000210306C3000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2420272100.00000210306B1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://mahler:8092/site-updates.py
Source: xSO7sbN2j6.exe, 00000003.00000003.2422877879.0000021030674000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2439890285.0000021030F80000.00000004.00001000.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2437590272.0000021030675000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://requests.readthedocs.io
Source: xSO7sbN2j6.exe, 00000003.00000002.2437139354.0000021030370000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://stackoverflow.com/questions/4457745#4457745
Source: xSO7sbN2j6.exe, 00000003.00000003.2426690756.00000210300F3000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2431068921.00000210300FB000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2422434748.0000021030084000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2423437104.0000021030085000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2432380367.0000021030100000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: xSO7sbN2j6.exe, 00000003.00000003.2422096808.00000210301C9000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2425207464.0000021030208000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2423197574.00000210301C9000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2423290501.000002102E669000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://twitter.com/
Source: xSO7sbN2j6.exe, 00000001.00000003.2241172247.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp, upx.exe.1.dr String found in binary or memory: https://upx.github.ioT
Source: xSO7sbN2j6.exe, 00000003.00000002.2439623686.0000021030DC0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: xSO7sbN2j6.exe, 00000003.00000002.2439438753.0000021030CA0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: xSO7sbN2j6.exe, 00000001.00000003.2230935199.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231419814.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242231546.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2243884643.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231219931.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242552349.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2230779110.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2244516546.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2241515410.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231615557.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242943794.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242054897.000001EB0964A000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242717820.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2230655896.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2230534838.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2242054897.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231035454.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000001.00000003.2231219931.000001EB09649000.00000004.00000020.00020000.00000000.sdmp, python3.dll.1.dr, libssl-1_1.dll.1.dr, unicodedata.pyd.1.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: xSO7sbN2j6.exe, 00000003.00000002.2436994535.00000210302B0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.mandiant.com/resources/blog/tracking-malware-import-hashing
Source: xSO7sbN2j6.exe, 00000001.00000003.2242231546.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2442165063.00007FF8A84FE000.00000004.00000001.01000000.00000017.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2442708741.00007FF8A88F1000.00000004.00000001.01000000.00000019.sdmp, libssl-1_1.dll.1.dr String found in binary or memory: https://www.openssl.org/H
Source: xSO7sbN2j6.exe, 00000003.00000003.2422877879.0000021030674000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.python.org
Source: xSO7sbN2j6.exe, 00000003.00000003.2423714607.000002103020C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2422096808.00000210301C9000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2423197574.00000210301C9000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2423367529.0000021030687000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2426840147.000002103021A000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2422877879.0000021030674000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2433603496.000002103068A000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2424521540.000002103068A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://yahoo.com/
Source: win32ui.pyd.1.dr Static PE information: Resource name: RT_CURSOR type: DOS executable (COM, 0x8C-variant)
Source: win32ui.pyd.1.dr Static PE information: Resource name: RT_STRING type: DOS executable (COM)
Source: unicodedata.pyd.1.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: api-ms-win-core-handle-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: python3.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-multibyte-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
Source: xSO7sbN2j6.exe, 00000001.00000003.2230935199.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2232552994.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2232822044.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2245348776.000001EB0964B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32wnet.pyd0 vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2232106594.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2239664904.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2232918955.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2231419814.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2240170760.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2235950959.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2234782736.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2243434894.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepythoncom38.dll0 vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2234634320.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2236165439.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2242231546.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibsslH vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2243884643.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2234396719.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2232435962.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2245250027.000001EB0964B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32trace.pyd0 vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2233290847.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2231219931.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2242552349.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepyexpat.pyd. vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2230779110.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_elementtree.pyd. vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2239861973.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2239037297.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2244516546.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2234547266.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2244843348.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32api.pyd0 vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2231902757.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2238777336.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2233634128.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2239258092.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2232341692.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2230257256.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2233028833.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2245348776.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32wnet.pyd0 vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2237358262.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2231615557.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2231807921.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2232671264.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2235634596.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2233543724.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2239987749.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2232218108.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2242717820.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2234300243.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2234146122.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2245250027.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32trace.pyd0 vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2230655896.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2240443886.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2244989268.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32net.pyd0 vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2244110686.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2230534838.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2243739150.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepywintypes38.dll0 vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2233738349.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2231035454.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2235784465.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2244711265.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_win32sysloader.pyd0 vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2241172247.000001EB0963D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameupx.exe( vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2230430431.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2239479830.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2244711265.000001EB0964B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_win32sysloader.pyd0 vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2233416251.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2225271860.000001EB0963A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemsvcp140.dllT vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2236972106.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2239773442.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2229733855.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32ui.pyd0 vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2245110481.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32security.pyd0 vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000001.00000003.2233871695.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000003.00000002.2445756170.00007FF8B801B000.00000004.00000001.01000000.0000000C.sdmp Binary or memory string: OriginalFilenamepywintypes38.dll0 vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000003.00000002.2445996971.00007FF8B8112000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000003.00000002.2446611440.00007FF8B8CBC000.00000004.00000001.01000000.0000001B.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000003.00000002.2448841371.00007FF8BFAD6000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000003.00000002.2443805965.00007FF8A8E07000.00000004.00000001.01000000.00000005.sdmp Binary or memory string: OriginalFilenamepython38.dll. vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000003.00000002.2441390190.00007FF8A81A1000.00000004.00000001.01000000.0000001E.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000003.00000002.2448066086.00007FF8B9F69000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000003.00000002.2442165063.00007FF8A84FE000.00000004.00000001.01000000.00000017.sdmp Binary or memory string: OriginalFilenamelibcryptoH vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000003.00000002.2445273022.00007FF8B78CB000.00000004.00000001.01000000.0000000F.sdmp Binary or memory string: OriginalFilenamewin32api.pyd0 vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000003.00000002.2448608318.00007FF8BA4F2000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000003.00000002.2442708741.00007FF8A88F1000.00000004.00000001.01000000.00000019.sdmp Binary or memory string: OriginalFilenamelibsslH vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000003.00000002.2445053706.00007FF8B61E1000.00000004.00000001.01000000.00000014.sdmp Binary or memory string: OriginalFilenamewin32net.pyd0 vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000003.00000002.2447268382.00007FF8B9106000.00000004.00000001.01000000.00000008.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000003.00000002.2444783479.00007FF8B61BE000.00000004.00000001.01000000.00000015.sdmp Binary or memory string: OriginalFilenamewin32security.pyd0 vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000003.00000002.2446255115.00007FF8B8269000.00000004.00000001.01000000.00000011.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000003.00000002.2444222330.00007FF8B573C000.00000004.00000001.01000000.00000018.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000003.00000002.2444486642.00007FF8B6180000.00000004.00000001.01000000.00000016.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000003.00000002.2447618348.00007FF8B984C000.00000004.00000001.01000000.00000012.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000003.00000002.2447462091.00007FF8B93DB000.00000004.00000001.01000000.0000000A.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000003.00000002.2446968005.00007FF8B8F9D000.00000004.00000001.01000000.0000000B.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs xSO7sbN2j6.exe
Source: xSO7sbN2j6.exe, 00000003.00000002.2442979393.00007FF8A89BD000.00000004.00000001.01000000.0000000E.sdmp Binary or memory string: OriginalFilenamepythoncom38.dll0 vs xSO7sbN2j6.exe
Source: libcrypto-1_1.dll.1.dr Static PE information: Section: UPX1 ZLIB complexity 0.998678197927011
Source: libssl-1_1.dll.1.dr Static PE information: Section: UPX1 ZLIB complexity 0.9901204901603499
Source: python38.dll.1.dr Static PE information: Section: UPX1 ZLIB complexity 0.999271124301676
Source: pythoncom38.dll.1.dr Static PE information: Section: UPX1 ZLIB complexity 0.9918376865671642
Source: win32ui.pyd.1.dr Static PE information: Section: UPX1 ZLIB complexity 0.9930449695121951
Source: unicodedata.pyd.1.dr Static PE information: Section: UPX1 ZLIB complexity 0.9942785780669146
Source: _cffi.cp38-win_amd64.pyd.1.dr Static PE information: Section: UPX1 ZLIB complexity 0.995086669921875
Source: backend_c.cp38-win_amd64.pyd.1.dr Static PE information: Section: UPX1 ZLIB complexity 0.992855787803532
Source: classification engine Classification label: mal100.evad.winEXE@8/83@0/0
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 1_2_00007FF73D7A6670 GetLastError,FormatMessageW,WideCharToMultiByte, 1_2_00007FF73D7A6670
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3576:120:WilError_03
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682
Source: xSO7sbN2j6.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: xSO7sbN2j6.exe ReversingLabs: Detection: 15%
Source: xSO7sbN2j6.exe Virustotal: Detection: 16%
Source: xSO7sbN2j6.exe String found in binary or memory: set-addPolicy
Source: xSO7sbN2j6.exe String found in binary or memory: id-cmc-addExtensions
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File read: C:\Users\user\Desktop\xSO7sbN2j6.exe
Source: unknown Process created: C:\Users\user\Desktop\xSO7sbN2j6.exe "C:\Users\user\Desktop\xSO7sbN2j6.exe"
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Process created: C:\Users\user\Desktop\xSO7sbN2j6.exe "C:\Users\user\Desktop\xSO7sbN2j6.exe"
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Process created: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\netconn_properties.exe C:\Users\user\AppData\Local\Temp\_MEI12682\exe/netconn_properties.exe
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Process created: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\registers.exe C:\Users\user\AppData\Local\Temp\_MEI12682\exe/registers.exe
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: libffi-7.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: vcruntime140_1.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: sxs.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: pdh.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: logoncli.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: security.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: ntdsapi.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: libcrypto-1_1.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: libssl-1_1.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\netconn_properties.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\netconn_properties.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\netconn_properties.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\netconn_properties.exe Section loaded: netshell.dll
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\netconn_properties.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\netconn_properties.exe Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\netconn_properties.exe Section loaded: netsetupapi.dll
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\netconn_properties.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\netconn_properties.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\registers.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\registers.exe Section loaded: msvcp140.dll
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\registers.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\registers.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File opened: C:\Users\user\Desktop\pyvenv.cfg
Source: xSO7sbN2j6.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: xSO7sbN2j6.exe Static file information: File size 11440768 > 1048576
Source: xSO7sbN2j6.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: xSO7sbN2j6.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: xSO7sbN2j6.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: xSO7sbN2j6.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: xSO7sbN2j6.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: xSO7sbN2j6.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: xSO7sbN2j6.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2239037297.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\win32net.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2444861222.00007FF8B61C1000.00000040.00000001.01000000.00000014.sdmp
Source: Binary string: C:\Users\c\source\repos\ConsoleApplication2\Release\ConsoleApplication2.pdb source: registers.exe, registers.exe, 0000000A.00000002.2415695027.0000000000261000.00000040.00000001.01000000.00000022.sdmp
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2239773442.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.1.dr
Source: Binary string: C:\A\34\b\bin\amd64\select.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2447521757.00007FF8B9841000.00000040.00000001.01000000.00000012.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_A source: xSO7sbN2j6.exe
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2232435962.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.1.dr
Source: Binary string: ucrtbase.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2445898778.00007FF8B80D5000.00000002.00000001.01000000.00000004.sdmp, ucrtbase.dll.1.dr
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2233416251.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-memory-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2232106594.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-debug-l1-1-0.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\pywintypes.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2445592803.00007FF8B7FF1000.00000040.00000001.01000000.0000000C.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2234782736.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2237358262.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\34\b\bin\amd64\python38.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2443034874.00007FF8A8CCC000.00000040.00000001.01000000.00000005.sdmp
Source: Binary string: C:\Users\c\source\repos\ConsoleApplication2\Release\ConsoleApplication2.pdb%% source: registers.exe, 0000000A.00000002.2415695027.0000000000261000.00000040.00000001.01000000.00000022.sdmp
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2239861973.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\win32security.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2444589477.00007FF8B6191000.00000040.00000001.01000000.00000015.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2232822044.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\34\b\bin\amd64\python3.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2242717820.000001EB0963F000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2448608318.00007FF8BA4F2000.00000002.00000001.01000000.00000007.sdmp, python3.dll.1.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2235784465.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2234547266.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2236972106.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-environment-l1-1-0.dll.1.dr
Source: Binary string: C:\A\34\b\bin\amd64\_ssl.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2444067430.00007FF8B5711000.00000040.00000001.01000000.00000018.sdmp
Source: Binary string: D:\a01\_work\26\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2230257256.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2448737746.00007FF8BFAD1000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.1.dr
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2232218108.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.1.dr
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdb source: mfc140u.dll.1.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2233738349.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.1.dr
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdbGCTL source: mfc140u.dll.1.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2231807921.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2232341692.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2236165439.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\6\b\libssl-1_1.pdb source: xSO7sbN2j6.exe, xSO7sbN2j6.exe, 00000003.00000002.2442460559.00007FF8A88B4000.00000040.00000001.01000000.00000019.sdmp
Source: Binary string: C:\Users\b\source\repos\ConsoleApplication1\Release\ConsoleApplication1.pdb source: netconn_properties.exe, netconn_properties.exe, 00000007.00000002.2414728783.0000000000A01000.00000040.00000001.01000000.00000021.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2234146122.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.1.dr
Source: Binary string: ucrtbase.pdbUGP source: xSO7sbN2j6.exe, 00000003.00000002.2445898778.00007FF8B80D5000.00000002.00000001.01000000.00000004.sdmp, ucrtbase.dll.1.dr
Source: Binary string: C:\A\34\b\bin\amd64\unicodedata.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2441062409.00007FF8A8195000.00000040.00000001.01000000.0000001E.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2240170760.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a01\_work\26\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2230430431.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2447867332.00007FF8B9F65000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\pythoncom.pdb}},GCTL source: xSO7sbN2j6.exe, 00000003.00000002.2442766857.00007FF8A8901000.00000040.00000001.01000000.0000000E.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: MSVCP140.dll.1.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2232671264.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\34\b\bin\amd64\_bz2.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2447332028.00007FF8B93C1000.00000040.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\A\34\b\bin\amd64\_lzma.pdbMM source: xSO7sbN2j6.exe, 00000003.00000002.2446708944.00007FF8B8F8D000.00000040.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\pywintypes.pdb** source: xSO7sbN2j6.exe, 00000003.00000002.2445592803.00007FF8B7FF1000.00000040.00000001.01000000.0000000C.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdbGCTL source: MSVCP140.dll.1.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2234634320.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.1.dr
Source: Binary string: C:\A\34\b\bin\amd64\_hashlib.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2444302392.00007FF8B6176000.00000040.00000001.01000000.00000016.sdmp
Source: Binary string: C:\A\6\b\libssl-1_1.pdb?? source: xSO7sbN2j6.exe, 00000003.00000002.2442460559.00007FF8A88B4000.00000040.00000001.01000000.00000019.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2233634128.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: xSO7sbN2j6.exe, 00000003.00000002.2441450814.00007FF8A83F8000.00000040.00000001.01000000.00000017.sdmp
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2231902757.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2235950959.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.1.dr
Source: Binary string: C:\A\34\b\bin\amd64\_socket.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2446080851.00007FF8B8251000.00000040.00000001.01000000.00000011.sdmp
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2233290847.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.1.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2239258092.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\34\b\bin\amd64\_ctypes.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2447129812.00007FF8B90E1000.00000040.00000001.01000000.00000008.sdmp
Source: Binary string: C:\A\34\b\bin\amd64\_lzma.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2446708944.00007FF8B8F8D000.00000040.00000001.01000000.0000000B.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2233871695.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.1.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2233543724.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2239479830.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-multibyte-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2240443886.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2234300243.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2235634596.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2234396719.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2232552994.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2239664904.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2233028833.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\pythoncom.pdb source: xSO7sbN2j6.exe, xSO7sbN2j6.exe, 00000003.00000002.2442766857.00007FF8A8901000.00000040.00000001.01000000.0000000E.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1k 25 Mar 2021built on: Tue Apr 6 11:26:02 2021 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: xSO7sbN2j6.exe, 00000003.00000002.2441450814.00007FF8A83F8000.00000040.00000001.01000000.00000017.sdmp
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2232918955.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\34\b\bin\amd64\_queue.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2446511663.00007FF8B8CB1000.00000040.00000001.01000000.0000001B.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\win32api.pdb source: xSO7sbN2j6.exe, 00000003.00000002.2445139659.00007FF8B78A1000.00000040.00000001.01000000.0000000F.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2238777336.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: xSO7sbN2j6.exe, 00000001.00000003.2239987749.000001EB0963C000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\win32api.pdb!! source: xSO7sbN2j6.exe, 00000003.00000002.2445139659.00007FF8B78A1000.00000040.00000001.01000000.0000000F.sdmp
Source: xSO7sbN2j6.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: xSO7sbN2j6.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: xSO7sbN2j6.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: xSO7sbN2j6.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: xSO7sbN2j6.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: api-ms-win-crt-process-l1-1-0.dll.1.dr Static PE information: 0xA8F275DA [Mon Oct 27 06:36:10 2059 UTC]
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF8A84FCDE0 EntryPoint,LoadLibraryA,GetProcAddress,VirtualProtect,VirtualProtect,VirtualProtect, 3_2_00007FF8A84FCDE0
Source: xSO7sbN2j6.exe Static PE information: section name: _RDATA
Source: libffi-7.dll.1.dr Static PE information: section name: UPX2
Source: mfc140u.dll.1.dr Static PE information: section name: .didat
Source: VCRUNTIME140.dll.1.dr Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF8A80991E7 push rdi; iretd 3_2_00007FF8A80991E9
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF8A8099328 push r10; retf 3_2_00007FF8A8099391
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF8A8099C33 push rsp; retf 3_2_00007FF8A8099C34
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF8A8096C71 push r10; ret 3_2_00007FF8A8096C73
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF8A8096D16 push r8; ret 3_2_00007FF8A8096D23
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF8A8096D3A push r12; ret 3_2_00007FF8A8096D3C
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF8A8099DB1 push rsp; iretq 3_2_00007FF8A8099DB2
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF8A80985AF push rbp; retf 3_2_00007FF8A80985C8
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF8A80985F4 push r12; ret 3_2_00007FF8A8098630
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF8A8096E36 push rsp; ret 3_2_00007FF8A8096E3E
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF8A8096E7E push rdi; iretd 3_2_00007FF8A8096E80
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF8A8098EAA push rbp; iretq 3_2_00007FF8A8098EAB
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF8A8096EC5 push rsi; ret 3_2_00007FF8A8096EC6
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF8A8096EEF push r10; retf 3_2_00007FF8A8096EF2
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF8A8096F00 push r12; ret 3_2_00007FF8A8096F1E
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF8A8098F42 push r12; ret 3_2_00007FF8A8098F69
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF8A8096F63 push r12; ret 3_2_00007FF8A8096F7B
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF8A8098F97 push r12; iretd 3_2_00007FF8A8098FAE
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF8A8096F88 push r8; ret 3_2_00007FF8A8096F90
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF8A8096FC2 push r10; ret 3_2_00007FF8A8096FD5
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF8A809784D push rsi; ret 3_2_00007FF8A8097884
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\netconn_properties.exe Code function: 7_2_00A1B9FD push esi; ret 7_2_00A1BA06
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\netconn_properties.exe Code function: 7_2_00A15F41 push ecx; ret 7_2_00A15F54
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Process created: "C:\Users\user\Desktop\xSO7sbN2j6.exe"
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-file-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\libssl-1_1.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\_hashlib.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-time-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\pyexpat.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-stdio-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\MSVCP140.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-console-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\win32\_win32sysloader.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-processenvironment-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-processthreads-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\netconn_properties.exe
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-process-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-filesystem-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-util-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-interlocked-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-string-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-multibyte-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\ucrtbase.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-debug-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\win32\win32security.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-rtlsupport-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\libcrypto-1_1.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\libffi-7.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-environment-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\_lzma.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\zstandard\_cffi.cp38-win_amd64.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-file-l1-2-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-libraryloader-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-localization-l1-2-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-memory-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-profile-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\registers.exe
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-conio-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\_queue.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-math-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\_socket.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\VCRUNTIME140_1.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\_ctypes.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-utility-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-file-l2-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-synch-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\charset_normalizer\md.cp38-win_amd64.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-timezone-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\python38.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\upx.exe
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\win32\win32net.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\unicodedata.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\_ssl.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-convert-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\select.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\win32\win32api.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\Pythonwin\mfc140u.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\_bz2.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-sysinfo-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-runtime-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\psutil\_psutil_windows.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-locale-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-errorhandling-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\pywin32_system32\pywintypes38.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\_elementtree.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\VCRUNTIME140.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-handle-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-namedpipe-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\win32\win32wnet.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\python3.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\win32\win32trace.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\zstandard\backend_c.cp38-win_amd64.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\Pythonwin\win32ui.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\pywin32_system32\pythoncom38.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-processthreads-l1-1-1.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\charset_normalizer\md__mypyc.cp38-win_amd64.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-string-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-datetime-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 1_2_00007FF73D7A2F20 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 1_2_00007FF73D7A2F20
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\registers.exe Code function: 10_2_00261520 10_2_00261520
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Fan
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_CacheMemory
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_MemoryDevice
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_MemoryArray
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM CIM_MemoryCapacity
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_SMBIOSMemory
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM CIM_Memory
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM CIM_NumericSensor
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM CIM_Sensor
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM CIM_TemperatureSensor
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PerfFormattedData_Counters_ThermalZoneInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VoltageProbe
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM CIM_VoltageSensor
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\registers.exe RDTSC instruction interceptor: First address: 261592 second address: 26159C instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [esp+44h], eax 0x00000006 mov dword ptr [esp+40h], edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\registers.exe RDTSC instruction interceptor: First address: 26159C second address: 2615A6 instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [esp+3Ch], eax 0x00000006 mov dword ptr [esp+38h], edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\registers.exe RDTSC instruction interceptor: First address: 2615A6 second address: 2615B0 instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [esp+34h], eax 0x00000006 mov dword ptr [esp+30h], edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\registers.exe RDTSC instruction interceptor: First address: 2615B0 second address: 2615BA instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [esp+2Ch], eax 0x00000006 mov dword ptr [esp+28h], edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\registers.exe RDTSC instruction interceptor: First address: 2615BA second address: 2615CA instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [esp+24h], eax 0x00000006 xor eax, eax 0x00000008 push ebx 0x00000009 mov dword ptr [esp+24h], edx 0x0000000d cpuid 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\registers.exe RDTSC instruction interceptor: First address: 2615CA second address: 2615DC instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [esp+1Ch], eax 0x00000006 xor ecx, ecx 0x00000008 xor eax, eax 0x0000000a mov dword ptr [esp+18h], edx 0x0000000e push ebx 0x0000000f cpuid 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\registers.exe RDTSC instruction interceptor: First address: 2615DC second address: 2615EE instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [esp+14h], eax 0x00000006 xor ecx, ecx 0x00000008 xor eax, eax 0x0000000a mov dword ptr [esp+10h], edx 0x0000000e push ebx 0x0000000f cpuid 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\registers.exe Code function: 10_2_00261520 rdtsc 10_2_00261520
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\registers.exe Code function: 10_2_00261520 sgdt fword ptr [esp+000000B0h] 10_2_00261520
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\registers.exe Code function: 10_2_00261520 sidt fword ptr [esp+000000A8h] 10_2_00261520
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-file-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\_hashlib.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-time-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\pyexpat.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-stdio-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\win32\_win32sysloader.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-processthreads-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-console-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-processenvironment-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-process-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-filesystem-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-util-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-string-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-interlocked-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-multibyte-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\win32\win32security.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-debug-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-rtlsupport-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-environment-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\_lzma.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\zstandard\_cffi.cp38-win_amd64.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-file-l1-2-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-localization-l1-2-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-libraryloader-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-memory-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-profile-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-conio-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\_queue.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-math-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\_socket.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\_ctypes.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-utility-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-file-l2-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-synch-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\charset_normalizer\md.cp38-win_amd64.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-timezone-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\python38.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\upx.exe
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\win32\win32net.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\unicodedata.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\_ssl.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-convert-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\select.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\win32\win32api.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\_bz2.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\Pythonwin\mfc140u.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-sysinfo-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-runtime-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-locale-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\psutil\_psutil_windows.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-errorhandling-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\pywin32_system32\pywintypes38.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\_elementtree.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-handle-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-namedpipe-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\win32\win32wnet.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\win32\win32trace.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\python3.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\zstandard\backend_c.cp38-win_amd64.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\pywin32_system32\pythoncom38.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-processthreads-l1-1-1.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\Pythonwin\win32ui.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\charset_normalizer\md__mypyc.cp38-win_amd64.pyd
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-core-datetime-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI12682\api-ms-win-crt-string-l1-1-0.dll
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe API coverage: 7.9 %
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\netconn_properties.exe API coverage: 6.0 %
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 1_2_00007FF73D7B6878 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 1_2_00007FF73D7B6878
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 1_2_00007FF73D7A69E0 FindFirstFileExW,FindClose, 1_2_00007FF73D7A69E0
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 1_2_00007FF73D7C0A34 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 1_2_00007FF73D7C0A34
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF73D7B6878 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 3_2_00007FF73D7B6878
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF73D7C0A34 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 3_2_00007FF73D7C0A34
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF73D7A69E0 FindFirstFileExW,FindClose, 3_2_00007FF73D7A69E0
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF8A81B4480 MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,00007FF8C610F020,FindFirstFileW,FindNextFileW,WideCharToMultiByte, 3_2_00007FF8A81B4480
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\netconn_properties.exe Code function: 7_2_00A0CD11 FindFirstFileExW, 7_2_00A0CD11
Source: xSO7sbN2j6.exe, 00000003.00000003.2422434748.0000021030111000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: D9SCX8F8 VMCI Bus Device
Source: xSO7sbN2j6.exe, 00000003.00000003.2424369615.00000210307E1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: stringComputer System ProductComputer System Product6GAYZ12ED92742-89DC-DD72-92E8-869FA5A66493VMware, Inc.None
Source: xSO7sbN2j6.exe, 00000003.00000003.2424369615.00000210307E1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware, Inc.
Source: xSO7sbN2j6.exe, 00000003.00000003.2428147875.000002102E64D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_PnPEntityU8VE67KY VMCI Bus Device{4d36e97d-e325-11ce-bfc1-08002be10318}System.String[]Win32_PnPEntityZY4E1A5N VMCI Bus DevicePCI\D_H5H1V6&DEV_0740&SUBSYS_074015AD&REV_10\3&61AAA01&0&3FSystem.String[]VMware, Inc.D
Source: xSO7sbN2j6.exe, 00000003.00000002.2440026777.0000021031050000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware Virtual RAM0
Source: xSO7sbN2j6.exe, 00000003.00000003.2422434748.0000021030111000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: U8VE67KY VMCI Bus Device
Source: xSO7sbN2j6.exe, 00000003.00000003.2420878508.00000210307FD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_PhysicalMemoryPhysical Memory 0Win32_PhysicalMemoryPhysical MemoryPhysical MemoryPhysical MemoryRAM slot #0RAM slot #0VMware Virtual RAM00000001VMW-4096MBLMEM
Source: xSO7sbN2j6.exe, 00000003.00000003.2421755441.0000021031790000.00000004.00001000.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2297584953.00000210307FF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Microsoft Hyper-V Generation Counter
Source: xSO7sbN2j6.exe, 00000003.00000003.2430979576.0000021030172000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2427750884.000002103016B000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2423625603.0000021030163000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2432460343.0000021030173000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2257911551.00000210300E3000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2423685730.000002103016A000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2423437104.0000021030111000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000002.2436306792.0000021030174000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2422434748.0000021030111000.00000004.00000020.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2430089157.0000021030171000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: xSO7sbN2j6.exe, 00000003.00000002.2439982644.0000021031000000.00000004.00001000.00020000.00000000.sdmp, xSO7sbN2j6.exe, 00000003.00000003.2297912338.00000210307D8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: xSO7sbN2j6.exe, 00000003.00000003.2297912338.00000210307D8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_PnPEntityMicrosoft Hyper-V Virtualization Infrastructure Driver{4d36e97d-e325-11ce-bfc1-08002be10318}Win32_PnPEntityMicrosoft Hyper-V Virtualization Infrastructure DriverROOT\VID\0000System.String[]MicrosoftMicrosoft Hyper-V Virtualization Infrastructure DriverSystemROOT\VID\0000VidOKWin32_ComputerSystemuser-PC
Source: xSO7sbN2j6.exe, 00000003.00000003.2297584953.00000210307FF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_PnPEntityMicrosoft Hyper-V Generation Counter{4d36e97d-e325-11ce-bfc1-08002be10318}System.String[]Win32_PnPEntityMicrosoft Hyper-V Generation CounterACPI\VMW0001\7System.String[]MicrosoftMicrosoft Hyper-V Generation CounterSystemACPI\VMW0001\7gencounterOKWin32_ComputerSystemuser-PC
Source: xSO7sbN2j6.exe, 00000003.00000003.2420878508.00000210307FD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware Virtual RAM
Source: xSO7sbN2j6.exe, 00000003.00000002.2435267835.000002102E64D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_PnPEntityU8VE67KY VMCI Bus Device{4d36e97d-e325-11ce-bfc1-08002be10318}System.Stp
Source: xSO7sbN2j6.exe, 00000003.00000003.2421755441.0000021031790000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Microsoft Hyper-V Generation Countercthingp
Source: xSO7sbN2j6.exe, 00000003.00000003.2421755441.0000021031790000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Microsoft Hyper-V Generation Countercthing0
Source: xSO7sbN2j6.exe, 00000003.00000003.2421755441.0000021031790000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Microsoft Hyper-V Generation CountercthingP
Source: xSO7sbN2j6.exe, 00000003.00000002.2440334952.0000021031390000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: ZY4E1A5N VMCI Bus Device
Source: xSO7sbN2j6.exe, 00000003.00000003.2427487296.00000210313D0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware, Inc..p
Source: xSO7sbN2j6.exe, 00000003.00000002.2435267835.000002102E64D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_PnPEntityZY4E1A5N VMCI Bus DevicePCI\D_H5H1V6&DEV_0740&SUBSYS_074015AD&REV_10\3&61AAA01&0&3FSystem.String[]VMware, Inc.D
Source: xSO7sbN2j6.exe, 00000003.00000003.2422434748.0000021030111000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_PnPEntityU8VE67KY VMCI Bus Device{4d36e97d-e325-11ce-bfc1-08002be10318}System.String[]Win32_PnPEntityZY4E1A5N VMCI Bus DevicePCI\D_H5H1V6&DEV_0740&SUBSYS_074015AD&REV_10\3&61AAA01&0&3FSystem.String[]VMware, Inc.D9SCX8F8 VMCI Bus DeviceSystemPCI\9GOTKCRT&DEV_0740&SUBSYS_074015AD&REV_10\3&61AAA01&0&3FvmciOKWin32_ComputerSystemuser-PC
Source: xSO7sbN2j6.exe, 00000003.00000002.2440237150.00000210312D0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware, Inc..
Source: xSO7sbN2j6.exe, 00000003.00000002.2439982644.0000021031000000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driverp
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\registers.exe Code function: 10_2_00261520 rdtsc 10_2_00261520
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 1_2_00007FF73D7AAA2C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00007FF73D7AAA2C
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF8A84FCDE0 EntryPoint,LoadLibraryA,GetProcAddress,VirtualProtect,VirtualProtect,VirtualProtect, 3_2_00007FF8A84FCDE0
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 1_2_00007FF73D7C2620 GetProcessHeap, 1_2_00007FF73D7C2620
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 1_2_00007FF73D7AAA2C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00007FF73D7AAA2C
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 1_2_00007FF73D7AA180 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_00007FF73D7AA180
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 1_2_00007FF73D7B9C44 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00007FF73D7B9C44
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 1_2_00007FF73D7AABD4 SetUnhandledExceptionFilter, 1_2_00007FF73D7AABD4
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF73D7AAA2C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_00007FF73D7AAA2C
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF73D7AA180 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 3_2_00007FF73D7AA180
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF73D7B9C44 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_00007FF73D7B9C44
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF73D7AABD4 SetUnhandledExceptionFilter, 3_2_00007FF73D7AABD4
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF8A8093354 IsProcessorFeaturePresent,00007FF8BFAC19A0,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,00007FF8BFAC19A0,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_00007FF8A8093354
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 3_2_00007FF8A81B5001 __scrt_fastfail,IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_00007FF8A81B5001
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\netconn_properties.exe Code function: 7_2_00A03906 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 7_2_00A03906
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\netconn_properties.exe Code function: 7_2_00A03DAE IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 7_2_00A03DAE
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\netconn_properties.exe Code function: 7_2_00A08DD4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 7_2_00A08DD4
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\netconn_properties.exe Code function: 7_2_00A03F10 SetUnhandledExceptionFilter, 7_2_00A03F10
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\registers.exe Code function: 10_2_00261805 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 10_2_00261805
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\registers.exe Code function: 10_2_00261F77 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 10_2_00261F77
Source: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\registers.exe Code function: 10_2_002620D9 SetUnhandledExceptionFilter, 10_2_002620D9
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Process created: C:\Users\user\Desktop\xSO7sbN2j6.exe "C:\Users\user\Desktop\xSO7sbN2j6.exe"
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Process created: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\netconn_properties.exe C:\Users\user\AppData\Local\Temp\_MEI12682\exe/netconn_properties.exe
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Process created: C:\Users\user\AppData\Local\Temp\_MEI12682\exe\registers.exe C:\Users\user\AppData\Local\Temp\_MEI12682\exe/registers.exe
Source: xSO7sbN2j6.exe, 00000003.00000002.2437458016.00000210305D0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: DOF_PROGMAN0
Source: xSO7sbN2j6.exe, 00000003.00000002.2437458016.00000210305D0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: DOF_PROGMAN
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 1_2_00007FF73D7C8A30 cpuid 1_2_00007FF73D7C8A30
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\Pythonwin VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\charset_normalizer VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\zstandard VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\certifi VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\ucrtbase.dll VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\_ctypes.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\_bz2.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\_lzma.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\win32 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\Pythonwin VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0muh7zmj VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\tmp179_cpv3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\win32 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\pywin32_system32\pywintypes38.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\win32 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\pywin32_system32\pythoncom38.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\win32 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\win32 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\win32 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\win32\win32api.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\win32 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\Pythonwin VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\Pythonwin VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\Pythonwin VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\tmp179_cpv3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\tmp179_cpv3\gen_py\__init__.py VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\tmp179_cpv3\gen_py\dicts.dat VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\win32 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\_socket.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\select.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\psutil VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\psutil VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\psutil VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\psutil\_psutil_windows.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\win32 VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\win32\win32net.pyd VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\win32 VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\win32\win32security.pyd VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\win32 VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\_hashlib.pyd VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\win32 VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\_ssl.pyd VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\win32 VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\zstandard VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\zstandard\backend_c.cp38-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\_queue.pyd VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\win32 VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\Pythonwin VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\win32 VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\Pythonwin VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\pywin32_system32 VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\win32 VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\pywin32_system32 VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\charset_normalizer VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\charset_normalizer\md.cp38-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\charset_normalizer VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\charset_normalizer\md__mypyc.cp38-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\unicodedata.pyd VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\win32 VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\Pythonwin VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\win32 VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682 VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\win32 VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\Pythonwin VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI12682\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\Desktop\xSO7sbN2j6.exe VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\tmp179_cpv3 VolumeInformation
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 1_2_00007FF73D7AA910 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 1_2_00007FF73D7AA910
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Code function: 1_2_00007FF73D7C4EA0 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation, 1_2_00007FF73D7C4EA0
Source: C:\Users\user\Desktop\xSO7sbN2j6.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
No contacted IP infos