Windows Analysis Report
r-c.exe

Overview

General Information

Sample name: r-c.exe
Analysis ID: 1629307
MD5: 1d6d97b36099b4e87dcd33a1a0adfed1
SHA1: 857dfa58a5f027d1db1e74ca1adfa3407ea544b8
SHA256: 54991e9a08dab7c7c46738227f2ff25f5f29f69f02e264cf7df4c7ea05a47d04

Detection

Python Stealer, Empyrean, Quasar, Discord Token Stealer
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected Empyrean Stealer
Detected Quasar RAT
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Discord Token Stealer
Yara detected Empyrean
Yara detected Quasar RAT
Hides that the sample has been downloaded from the Internet (zone.identifier)
Joe Sandbox ML detected suspicious sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Uses cmd line tools excessively to alter registry or file data
Uses dynamic DNS services
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Generic Python Stealer
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Direct Autorun Keys Modification
Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses reg.exe to modify the Windows registry
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64_ra
  • r-c.exe (PID: 6704 cmdline: "C:\Users\user\Desktop\r-c.exe" MD5: 1D6D97B36099B4E87DCD33A1A0ADFED1)
    • Windows MicroSoft Smart.exe (PID: 4360 cmdline: "C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe" MD5: 180BE3F662E15DA43341827D6E54BF69)
      • schtasks.exe (PID: 2848 cmdline: "schtasks" /create /tn "Windows MicroSoft Smart" /sc ONLOGON /tr "C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe" /rl HIGHEST /f MD5: 48C2FE20575769DE916F48EF0676A965)
        • conhost.exe (PID: 880 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • main.exe (PID: 5700 cmdline: "C:\Users\user\AppData\Local\Temp\main.exe" MD5: EB7E5E0BEDBCEC68E54C6F4CA1FD5934)
      • main.exe (PID: 3968 cmdline: "C:\Users\user\AppData\Local\Temp\main.exe" MD5: EB7E5E0BEDBCEC68E54C6F4CA1FD5934)
        • cmd.exe (PID: 4780 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 1316 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 5484 cmdline: C:\Windows\system32\cmd.exe /c "reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /f" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 6788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • reg.exe (PID: 6756 cmdline: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
        • cmd.exe (PID: 6852 cmdline: C:\Windows\system32\cmd.exe /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /t REG_SZ /d C:\Users\user\AppData\Roaming\empyrean\run.bat /f" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 6864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • reg.exe (PID: 6940 cmdline: reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /t REG_SZ /d C:\Users\user\AppData\Roaming\empyrean\run.bat /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
        • cmd.exe (PID: 7000 cmdline: C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 7016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • WMIC.exe (PID: 7056 cmdline: C:\Windows\System32\wbem\WMIC.exe csproduct get uuid MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
        • cmd.exe (PID: 4680 cmdline: C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 4988 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • WMIC.exe (PID: 6736 cmdline: C:\Windows\System32\wbem\WMIC.exe csproduct get uuid MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
        • cmd.exe (PID: 3964 cmdline: C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 2300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • WMIC.exe (PID: 6716 cmdline: C:\Windows\System32\wbem\WMIC.exe csproduct get uuid MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
  • cleanup
Name: Quasar RAT, QuasarRAT
Description: Quasar RAT is a malware family written in .NET which is used by a variety of attackers. The malware is fully functional and open source, and is often packed to make analysis of the source more difficult.
Attribution:
  • APT33
  • Dropping Elephant
  • Stone Panda
  • The Gorgon Group
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.quasar_rat
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe | JoeSecurity_Quasar | Yara detected Quasar RAT | Joe Security
    C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe | Windows_Trojan_Quasarrat_e52df647 | unknown | unknown
    • 0x3ebf2:$a1: GetKeyloggerLogsResponse
    • 0x3e353:$a2: DoDownloadAndExecute
    • 0x50824:$a3: http://api.ipify.org/
    • 0x4e32d:$a4: Domain: {1}{0}Cookie Name: {2}{0}Value: {3}{0}Path: {4}{0}Expired: {5}{0}HttpOnly: {6}{0}Secure: {7}
    • 0x4f67b:$a5: " /sc ONLOGON /tr "
    C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe | Quasar_RAT_1 | Detects Quasar RAT | Florian Roth
    • 0x3e10f:$s1: DoUploadAndExecute
    • 0x3e353:$s2: DoDownloadAndExecute
    • 0x3ded4:$s3: DoShellExecute
    • 0x3e30b:$s4: set_Processname
    • 0x5a24:$op1: 04 1E FE 02 04 16 FE 01 60
    • 0x5948:$op2: 00 17 03 1F 20 17 19 15 28
    • 0x63ae:$op3: 00 04 03 69 91 1B 40
    • 0x6bfe:$op3: 00 04 03 69 91 1B 40
    C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe | Quasar_RAT_2 | Detects Quasar RAT | Florian Roth
    • 0x3ebf2:$x1: GetKeyloggerLogsResponse
    • 0x3ee32:$s1: DoShellExecuteResponse
    • 0x3e7a1:$s2: GetPasswordsResponse
    • 0x3ed05:$s3: GetStartupItemsResponse
    • 0x3e123:$s5: RunHidden
    • 0x3e141:$s5: RunHidden
    • 0x3e14f:$s5: RunHidden
    • 0x3e163:$s5: RunHidden
    C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe | MAL_QuasarRAT_May19_1 | Detects QuasarRAT malware | Florian Roth
    • 0x4f641:$xc1: 41 00 64 00 6D 00 69 00 6E 00 00 11 73 00 63 00 68 00 74 00 61 00 73 00 6B 00 73 00 00 1B 2F 00 63 00 72 00 65 00 61 00 74 00 65 00 20 00 2F 00 74 00 6E 00 20 00 22 00 00 27 22 00 20 00 2F 00 ...
    • 0x4f877:$xc2: 00 70 00 69 00 6E 00 67 00 20 00 2D 00 6E 00 20 00 31 00 30 00 20 00 6C 00 6F 00 63 00 61 00 6C 00 68 00 6F 00 73 00 74 00 20 00 3E 00 20 00 6E 00 75 00 6C 00 0D 00 0A 00 64 00 65 00 6C 00 20 ...
    Source | Rule | Description | Author | Strings
    00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp | JoeSecurity_Quasar | Yara detected Quasar RAT | Joe Security
      00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp | Windows_Trojan_Quasarrat_e52df647 | unknown | unknown
      • 0x3e9f2:$a1: GetKeyloggerLogsResponse
      • 0x3e153:$a2: DoDownloadAndExecute
      • 0x50624:$a3: http://api.ipify.org/
      • 0x4e12d:$a4: Domain: {1}{0}Cookie Name: {2}{0}Value: {3}{0}Path: {4}{0}Expired: {5}{0}HttpOnly: {6}{0}Secure: {7}
      • 0x4f47b:$a5: " /sc ONLOGON /tr "
      00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp | Quasar_RAT_1 | Detects Quasar RAT | Florian Roth
      • 0x3df0f:$s1: DoUploadAndExecute
      • 0x3e153:$s2: DoDownloadAndExecute
      • 0x3dcd4:$s3: DoShellExecute
      • 0x3e10b:$s4: set_Processname
      • 0x5824:$op1: 04 1E FE 02 04 16 FE 01 60
      • 0x5748:$op2: 00 17 03 1F 20 17 19 15 28
      • 0x61ae:$op3: 00 04 03 69 91 1B 40
      • 0x69fe:$op3: 00 04 03 69 91 1B 40
      00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp | implant_win_quasarrat | Detect QuasarRAT (reted from samples 2023-03) | Sekoia.io
      • 0x4f624:$: 63 00 68 00 63 00 70 00 20 00 36 00 35 00 30 00 30 00 31 00
      • 0x4f76d:$: 63 00 68 00 63 00 70 00 20 00 36 00 35 00 30 00 30 00 31 00
      • 0x4f63c:$: 65 00 63 00 68 00 6F 00 20 00 44 00 4F 00 4E 00 54 00 20 00 43 00 4C 00 4F 00 53 00 45 00 20 00 54 00 48 00 49 00 53 00 20 00 57 00 49 00 4E 00 44 00 4F 00 57 00 21 00
      • 0x4f785:$: 65 00 63 00 68 00 6F 00 20 00 44 00 4F 00 4E 00 54 00 20 00 43 00 4C 00 4F 00 53 00 45 00 20 00 54 00 48 00 49 00 53 00 20 00 57 00 49 00 4E 00 44 00 4F 00 57 00 21 00
      • 0x4f678:$: 70 00 69 00 6E 00 67 00 20 00 2D 00 6E 00 20 00 31 00 30 00 20 00 6C 00 6F 00 63 00 61 00 6C 00 68 00 6F 00 73 00 74 00 20 00 3E 00 20 00 6E 00 75 00 6C 00
      • 0x4f7c1:$: 70 00 69 00 6E 00 67 00 20 00 2D 00 6E 00 20 00 31 00 30 00 20 00 6C 00 6F 00 63 00 61 00 6C 00 68 00 6F 00 73 00 74 00 20 00 3E 00 20 00 6E 00 75 00 6C 00
      • 0x4f6b0:$: 64 00 65 00 6C 00 20 00 2F 00 61 00 20 00 2F 00 71 00 20 00 2F 00 66 00 20 00 22 00
      • 0x4f6f6:$: 64 00 65 00 6C 00 20 00 2F 00 61 00 20 00 2F 00 71 00 20 00 2F 00 66 00 20 00 22 00
      • 0x3dcd4:$: DoShellExecute
      • 0x3ec32:$: DoShellExecute
      • 0x3dc1c:$: DoDownloadFile
      • 0x3dc2b:$: DoDownloadFile
      • 0x3e860:$: DoDownloadFile
      00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp | Quasar | detect Remcos in memory | JPCERT/CC Incident Response Group
      • 0x4ee3a:$quasarstr1: [PRIVATE KEY LOCATION: "{0}"]
      • 0x4ea4e:$quasarstr2: User: {0}{3}Pass: {1}{3}Host: {2}
      • 0x33db7:$class: Core.MouseKeyHook.WinApi

      System Summary

      Source: Registry Key set Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\empyrean\run.bat, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\reg.exe, ProcessId: 6940, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\empyrean
      Source: Process started Author: Victor Sergeev, Daniil Yugoslavskiy, oscd.community: Data: Command: reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /t REG_SZ /d C:\Users\user\AppData\Roaming\empyrean\run.bat /f, CommandLine: reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /t REG_SZ /d C:\Users\user\AppData\Roaming\empyrean\run.bat /f, CommandLine|base64offset|contains: , Image: C:\Windows\System32\reg.exe, NewProcessName: C:\Windows\System32\reg.exe, OriginalFileName: C:\Windows\System32\reg.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /t REG_SZ /d C:\Users\user\AppData\Roaming\empyrean\run.bat /f", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6852, ParentProcessName: cmd.exe, ProcessCommandLine: reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /t REG_SZ /d C:\Users\user\AppData\Roaming\empyrean\run.bat /f, ProcessId: 6940, ProcessName: reg.exe
      Source: Process started Author: Florian Roth (Nextron Systems): Data: Command: C:\Windows\system32\cmd.exe /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /t REG_SZ /d C:\Users\user\AppData\Roaming\empyrean\run.bat /f", CommandLine: C:\Windows\system32\cmd.exe /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /t REG_SZ /d C:\Users\user\AppData\Roaming\empyrean\run.bat /f", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\main.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\main.exe, ParentProcessId: 3968, ParentProcessName: main.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /t REG_SZ /d C:\Users\user\AppData\Roaming\empyrean\run.bat /f", ProcessId: 6852, ProcessName: cmd.exe
      Source: Process started Author: Florian Roth (Nextron Systems): Data: Command: "schtasks" /create /tn "Windows MicroSoft Smart" /sc ONLOGON /tr "C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe" /rl HIGHEST /f, CommandLine: "schtasks" /create /tn "Windows MicroSoft Smart" /sc ONLOGON /tr "C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe" /rl HIGHEST /f, CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, ParentProcessId: 4360, ParentProcessName: Windows MicroSoft Smart.exe, ProcessCommandLine: "schtasks" /create /tn "Windows MicroSoft Smart" /sc ONLOGON /tr "C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe" /rl HIGHEST /f, ProcessId: 2848, ProcessName: schtasks.exe
      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
      2025-03-04T16:01:46.803666+0100 | 2036383 | 1 | A Network Trojan was detected | 192.168.2.16 | 49698 | 208.95.112.1 | 80 | TCP


      AV Detection

      Source: r-c.exe Avira: detected
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe Avira: detection malicious, Label: HEUR/AGEN.1305744
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe ReversingLabs: Detection: 91%
      Source: r-c.exe Virustotal: Detection: 76%
      Source: r-c.exe ReversingLabs: Detection: 87%
      Source: Yara match File source: 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
      Source: Yara match File source: Process Memory Space: Windows MicroSoft Smart.exe PID: 4360, type: MEMORYSTR
      Source: Yara match File source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, type: DROPPED
      Source: Submitted Sample Integrated Neural Analysis Model: Matched 99.3% probability
      Source: 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp String decryptor: 1.3.0.0
      Source: 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp String decryptor: caidume1368.ddns.net:8848;
      Source: 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp String decryptor: SubDir
      Source: 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp String decryptor: Client.exe
      Source: 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp String decryptor: QSR_MUTEX_u4SGx4JeBWr8883ebl
      Source: 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp String decryptor: Windows MicroSoft Smart
      Source: 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp String decryptor: new
      Source: 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp String decryptor: Logs
      Source: r-c.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

      Networking

      Source: Network traffic Suricata IDS: 2036383 - Severity 1 - ET MALWARE Common RAT Connectivity Check Observed : 192.168.2.16:49698 -> 208.95.112.1:80
      Source: unknown DNS query: name: caidume1368.ddns.net
      Source: global traffic TCP traffic: 192.168.2.16:49699 -> 27.70.212.17:8848
      Source: Joe Sandbox View IP Address: 104.26.8.44
      Source: Joe Sandbox View IP Address: 208.95.112.1
      Source: Joe Sandbox View ASN Name: VIETEL-AS-APViettelGroupVN
      Source: unknown DNS query: name: ip-api.com
      Source: unknown DNS query: name: ipapi.co
      Source: global traffic HTTP traffic detected:
        GET /json/ HTTP/1.1
        User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:48.0) Gecko/20100101 Firefox/48.0
        Host: ip-api.com
        Connection: Keep-Alive
      Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: main.exe, 00000006.00000002.1413819506.000001C026138000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000006.00000003.1224414395.000001C027280000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
      Source: main.exe, 00000006.00000003.1224414395.000001C027290000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
      Source: global trafficDNS traffic detected: DNS query: ip-api.com
      Source: global trafficDNS traffic detected: DNS query: caidume1368.ddns.net
      Source: global trafficDNS traffic detected: DNS query: ipapi.co
      Source: global trafficDNS traffic detected: DNS query: discord.com
      Source: global trafficDNS traffic detected: DNS query: raw.githubusercontent.com
      Source: global trafficDNS traffic detected: DNS query: www.cloudflare.com
      Source: main.exe, 00000006.00000002.1378445255.000001C024AF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.../back.jpeg
      Source: Windows MicroSoft Smart.exe, 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: http://api.ipify.org/
      Source: Windows MicroSoft Smart.exe, 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp; String found in binary or memory: http://freegeoip.net/xml/
      Source: Windows MicroSoft Smart.exe, 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp; String found in binary or memory: http://ip-api.com/json/
      Source: r-c.exe; String found in binary or memory: http://nsis.sf.net/NSIS_Error
      Source: r-c.exe; String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
      Source: COPYING.txt.3.drString found in binary or memory: http://www.apache.org/licenses/
      Source: COPYING.txt.3.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
      Source: main.exe, 00000006.00000002.1352731763.000001C023B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
      Source: main.exe, 00000006.00000002.1391891198.000001C0253BB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1305128675.000001C024E3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
      Source: main.exe, 00000006.00000003.1204468947.000001C025097000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/n
      Source: main.exe, 00000006.00000003.1164788594.000001C023978000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
      Source: main.exe, 00000006.00000002.1385441206.000001C024E3B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1334978964.000001C023D78000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1314970203.000001C023D5D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1305128675.000001C024E3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
      Source: main.exe, 00000003.00000003.1145344891.0000027A56EEA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000003.00000003.1145449974.0000027A56EEA000.00000004.00000020.00020000.00000000.sdmp, _asyncio.pyd.3.dr, libcrypto-1_1.dll.3.dr, pyexpat.pyd.3.dr, _hashlib.pyd.3.dr, _overlapped.pyd.3.drString found in binary or memory: http://www.digicert.com/CPS0
      Source: main.exe, 00000006.00000002.1352152399.000001C023A7F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1247659098.000001C02405E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1309886496.000001C02554E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1243245891.000001C025534000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1220521710.000001C024056000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1297957079.000001C025537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
      Source: main.exe, 00000006.00000003.1317796948.000001C023A31000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1185894594.000001C023A2C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1337370048.000001C023A38000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1310095640.000001C023A33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
      Source: main.exe, 00000006.00000002.1408893129.000001C025E90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.opensource.org/licenses/mit-license.php
      Source: main.exe, 00000006.00000003.1164788594.000001C023978000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
      Source: main.exe, 00000006.00000003.1324300992.000001C023D48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
      Source: main.exe, 00000006.00000003.1204468947.000001C02516C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1244021514.000001C0250DB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1297957079.000001C025537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
      Source: main.exe, 00000006.00000003.1245713691.000001C0251F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps23-10
      Source: main.exe, 00000006.00000002.1390872864.000001C0251F2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1335953322.000001C0251F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cpsz
      Source: main.exe, 00000006.00000003.1324300992.000001C023D7A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1334978964.000001C023D78000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1314970203.000001C023D5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rfc-editor.org/info/rfc7253
      Source: main.exe, 00000006.00000003.1324300992.000001C023D7A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1334978964.000001C023D78000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1314970203.000001C023D5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
      Source: main.exe, 00000006.00000003.1183723278.000001C024002000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1359679679.000001C024002000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1322724372.000001C024000000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1220521710.000001C024002000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1190758245.000001C023FE2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1298285640.000001C023FFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
      Source: main.exe, 00000006.00000003.1224414395.000001C027230000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000006.00000003.1224414395.000001C0271E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://MD8.mozilla.org/1/m
      Source: main.exe, 00000006.00000003.1224414395.000001C027218000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000006.00000003.1303057263.000001C02525B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1222568591.000001C025258000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1416382023.000001C0272E8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://account.bellmedia.c
      Source: main.exe, 00000006.00000003.1224414395.000001C027290000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://allegro.pl/
      Source: main.exe, 00000006.00000002.1397217410.000001C025910000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000006.00000003.1300690744.000001C024EB3000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1385930966.000001C024EC2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1311540191.000001C024EC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue37179
      Source: main.exe, 00000006.00000003.1224414395.000001C027260000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
      Source: main.exe, 00000006.00000002.1401770832.000001C025B90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com
      Source: main.exe, 00000006.00000003.1326270505.000001C023F85000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1177772163.000001C023F58000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1359036535.000001C023F85000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1303366394.000001C023F85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/firacode/6.2.0/woff/FiraCode-Bold.woff
      Source: main.exe, 00000006.00000003.1326270505.000001C023F85000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1177772163.000001C023F58000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1359036535.000001C023F85000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1303366394.000001C023F85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/firacode/6.2.0/woff/FiraCode-Regular.woff
      Source: main.exe, 00000006.00000003.1326270505.000001C023F85000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1177772163.000001C023F58000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1359036535.000001C023F85000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1303366394.000001C023F85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/firacode/6.2.0/woff2/FiraCode-Bold.woff2
      Source: main.exe, 00000006.00000003.1326270505.000001C023F85000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1177772163.000001C023F58000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1359036535.000001C023F85000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1303366394.000001C023F85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/firacode/6.2.0/woff2/FiraCode-Regular.woff2
      Source: main.exe, 00000006.00000003.1314970203.000001C023D5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://click.palletsprojects.com/
      Source: main.exe, 00000006.00000002.1406493332.000001C025D90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/guilds/
      Source: main.exe, 00000006.00000002.1401770832.000001C025B90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v
      Source: main.exe, 00000006.00000002.1401770832.000001C025B90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v10
      Source: main.exe, 00000006.00000002.1406493332.000001C025D90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v10/webhooks/1233025621534183465/AkAOQmAnk7LoUxxrvOiEy9huwSp4konCmCdWOxgZW2u
      Source: main.exe, 00000006.00000002.1408893129.000001C025E90000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000006.00000003.1190758245.000001C024022000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/webhooks/
      Source: main.exe, 00000006.00000002.1408893129.000001C025E90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/webhooks/0R
      Source: main.exe, 00000006.00000002.1404094524.000001C025C90000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000006.00000002.1401770832.000001C025B90000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000006.00000002.1406493332.000001C025D90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/channels/
      Source: main.exe, 00000006.00000002.1378445255.000001C024AF0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000006.00000003.1190758245.000001C023FE2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1392769308.000001C0255F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/developers/applications/
      Source: main.exe, 00000006.00000002.1401770832.000001C025B90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/events/
      Source: main.exe, 00000006.00000002.1401770832.000001C025B90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/oauth2/authorize?client_id=
      Source: main.exe, 00000006.00000002.1401770832.000001C025B90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.gg
      Source: main.exe, 00000006.00000002.1404094524.000001C025C90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.new/
      Source: main.exe, 00000006.00000002.1411349028.000001C025F90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discordapp.com/api/webhooks/1233025621534183465/AkAOQmAnk7LoUxxrvOiEy9huwSp4konCmCdWOxgZW2um
      Source: main.exe, 00000006.00000003.1321116654.000001C024E61000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1183635679.000001C024E8F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1333293049.000001C024FBB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1183552863.000001C024EB4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1305128675.000001C024E3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.aiohttp.org/en/stable/client_advanced.html#client-tracing
      Source: main.exe, 00000006.00000002.1397217410.000001C025910000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000006.00000003.1300690744.000001C024EB3000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1385930966.000001C024EC2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1311540191.000001C024EC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.aiohttp.org/en/stable/client_advanced.html#proxy-support
      Source: main.exe, 00000006.00000002.1397217410.000001C025910000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000006.00000003.1322566401.000001C023F97000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1190758245.000001C023F9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/asyncio-eventloop.html
      Source: main.exe, 00000006.00000003.1334376990.000001C023949000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/pprint.html
      Source: main.exe, 00000006.00000003.1334376990.000001C023949000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/pprint.html#pprint.pprint
      Source: main.exe, 00000006.00000003.1168891836.000001C023DEA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1313605401.000001C0235D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/re.html
      Source: main.exe, 00000006.00000002.1347532555.000001C023820000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000006.00000003.1168891836.000001C023D93000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1168891836.000001C023DEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/re.html#re.sub
      Source: main.exe, 00000006.00000002.1397217410.000001C025910000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/ssl.html#ssl.OP_NO_COMPRESSION
      Source: main.exe, 00000006.00000003.1333293049.000001C024FBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.rs/regex/latest/regex/#syntax
      Source: main.exe, 00000006.00000003.1314970203.000001C023DF1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1356902497.000001C023DF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539#
      Source: main.exe, 00000006.00000003.1307678048.000001C023EC9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gist.github.com/XVilka/8346728
      Source: main.exe, 00000006.00000002.1352731763.000001C023B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
      Source: main.exe, 00000006.00000002.1382768933.000001C024CF0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000006.00000002.1397217410.000001C025910000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com
      Source: main.exe, 00000006.00000003.1331827167.000001C02404C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1322724372.000001C024051000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1220521710.000001C024051000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1316116550.000001C024051000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1183723278.000001C024032000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1190758245.000001C024050000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1298285640.000001C024051000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
      Source: main.exe, 00000006.00000002.1401770832.000001C025B90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/Rapptz/discord.py
      Source: main.exe, 00000006.00000003.1312999146.000001C0214BE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1161322489.000001C0214EF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1161322489.000001C0214A6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1326897532.000001C0214F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1340358971.000001C0214F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1313998357.000001C02149C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1166559330.000001C0214F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1340232097.000001C02149F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1161322489.000001C02149F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
      Source: main.exe, 00000006.00000002.1397217410.000001C025910000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000006.00000003.1300690744.000001C024EB3000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1385930966.000001C024EC2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1311540191.000001C024EC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/aio-libs/aiohttp/discussions/6044
      Source: main.exe, 00000006.00000002.1350725917.000001C023A13000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1310095640.000001C023971000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1318517360.000001C023A17000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1310095640.000001C023A18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/freyacodes/Lavalink
      Source: main.exe, 00000006.00000002.1376116768.000001C0248A0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000006.00000003.1185894594.000001C023A2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/giampaolo/psutil/issues/875.
      Source: main.exe, 00000006.00000002.1352731763.000001C023B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jaraco/jaraco.functools/issues/5
      Source: main.exe, 00000006.00000002.1423550197.00007FFF28116000.00000004.00000001.01000000.0000003F.sdmp, main.exe, 00000006.00000002.1467382680.00007FFF2999A000.00000004.00000001.01000000.00000017.sdmp, main.exe, 00000006.00000002.1453742130.00007FFF28D35000.00000004.00000001.01000000.00000016.sdmp, main.exe, 00000006.00000002.1467964038.00007FFF299C9000.00000004.00000001.01000000.00000014.sdmp, pywintypes310.dll.3.dr, win32trace.pyd.3.drString found in binary or memory: https://github.com/mhammond/pywin32
      Source: main.exe, 00000006.00000003.1310095640.000001C023A24000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1185894594.000001C023A0D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1351743589.000001C023A23000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1318517360.000001C023A20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pygments/pygments/archive/master.zip#egg=Pygments-dev
      Source: COPYING.txt.3.drString found in binary or memory: https://github.com/pyinstaller/pyinstaller.
      Source: main.exe, 00000006.00000002.1361261858.000001C024120000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/packaging
      Source: main.exe, 00000006.00000002.1361261858.000001C024120000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/packagingute
      Source: main.exe, 00000006.00000003.1320701844.000001C023984000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyparsing/pyparsing/wiki
      Source: main.exe, 00000006.00000003.1176875471.000001C023AF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/136
      Source: main.exe, 00000006.00000003.1176875471.000001C023B16000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1308556080.000001C023B01000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1179262233.000001C023B18000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1352477033.000001C023B01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/251
      Source: main.exe, 00000006.00000003.1176875471.000001C023AF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/428
      Source: main.exe, 00000006.00000002.1401770832.000001C025B90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-pillow/Pillow/
      Source: main.exe, 00000006.00000003.1161322489.000001C0214EF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1341228400.000001C0231E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
      Source: main.exe, 00000006.00000003.1161322489.000001C02149F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
      Source: main.exe, 00000006.00000003.1312999146.000001C0214BE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1161322489.000001C0214EF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1161322489.000001C0214A6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1326897532.000001C0214F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1340358971.000001C0214F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1313998357.000001C02149C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1166559330.000001C0214F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1340232097.000001C02149F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1161322489.000001C02149F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
      Source: main.exe, 00000006.00000002.1397217410.000001C025910000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000006.00000003.1300690744.000001C024EB3000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1385930966.000001C024EC2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1311540191.000001C024EC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/pull/28073
      Source: main.exe, 00000006.00000003.1312999146.000001C0214BE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1161322489.000001C0214EF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1161322489.000001C0214A6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1326897532.000001C0214F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1340358971.000001C0214F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1313998357.000001C02149C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1166559330.000001C0214F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1340232097.000001C02149F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1161322489.000001C02149F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
      Source: main.exe, 00000006.00000003.1314970203.000001C023DF1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1356902497.000001C023DF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
      Source: main.exe, 00000006.00000002.1356902497.000001C023DF2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1323861334.000001C023DF0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1314970203.000001C023DF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
      Source: COPYING.txt.3.drString found in binary or memory: https://gnu.org/licenses/gpl-2.0.html
      Source: main.exe, 00000006.00000003.1331827167.000001C02404C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1183723278.000001C023F79000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1326505507.000001C023F79000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1334376990.000001C023949000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1183723278.000001C024032000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1190758245.000001C024050000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1307678048.000001C023EE7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1190758245.000001C023F7F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1317316982.000001C023EF7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1332002607.000001C023F7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
      Source: unknown; Network traffic detected: HTTP traffic on port 49707 -> 443
      Source: unknown; Network traffic detected: HTTP traffic on port 49712 -> 443
      Source: unknown; Network traffic detected: HTTP traffic on port 49704 -> 443
      Source: unknown; Network traffic detected: HTTP traffic on port 49701 -> 443
      Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49707
      Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49704
      Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49701
      Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49712

      E-Banking Fraud

      Source: Yara match; File source: 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
      Source: Yara match; File source: Process Memory Space: Windows MicroSoft Smart.exe PID: 4360, type: MEMORYSTR
      Source: Yara match; File source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, type: DROPPED

      System Summary

      Source: 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Quasarrat_e52df647; Author: unknown
      Source: 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY; Matched rule: Detects Quasar RAT; Author: Florian Roth
      Source: 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY; Matched rule: Detect QuasarRAT (reted from samples 2023-03); Author: Sekoia.io
      Source: 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY; Matched rule: detect Remcos in memory; Author: JPCERT/CC Incident Response Group
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, type: DROPPED; Matched rule: Windows_Trojan_Quasarrat_e52df647; Author: unknown
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, type: DROPPED; Matched rule: Detects Quasar RAT; Author: Florian Roth
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, type: DROPPED; Matched rule: Detects Quasar RAT; Author: Florian Roth
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, type: DROPPED; Matched rule: Detects QuasarRAT malware; Author: Florian Roth
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, type: DROPPED; Matched rule: Detects Vermin Keylogger; Author: Florian Roth
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, type: DROPPED; Matched rule: Detects Patchwork malware; Author: Florian Roth
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, type: DROPPED; Matched rule: Detects malware from disclosed CN malware set; Author: Florian Roth
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, type: DROPPED; Matched rule: Detect QuasarRAT (reted from samples 2023-03); Author: Sekoia.io
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, type: DROPPED; Matched rule: detect Remcos in memory; Author: JPCERT/CC Incident Response Group
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, type: DROPPED; Matched rule: Detects executables containing common artifcats observed in infostealers; Author: ditekSHen
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, type: DROPPED; Matched rule: QuasarRAT payload; Author: ditekSHen
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe; Process Stats: CPU usage > 24%
      Source: Joe Sandbox View; Dropped File: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_ARC4.pyd 836CBA3B83B00427430FE6E1C4E45790616BC85C57DBD6E6D5B6930A9745B715
      Source: unicodedata.pyd.3.dr; Static PE information: Resource name: RT_VERSION type: COM executable for DOS
      Source: win32ui.pyd.3.dr; Static PE information: Resource name: RT_MENU type: COM executable for DOS
      Source: win32ui.pyd.3.dr; Static PE information: Resource name: RT_GROUP_CURSOR type: DOS executable (COM, 0x8C-variant)
      Source: _overlapped.pyd.3.dr; Static PE information: Resource name: RT_VERSION type: COM executable for DOS
      Source: api-ms-win-crt-locale-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-core-file-l1-2-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-crt-process-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-core-profile-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-core-libraryloader-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-core-louserzation-l1-2-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-core-datetime-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-core-namedpipe-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-crt-time-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-crt-convert-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-crt-filesystem-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-crt-math-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-core-util-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-core-processenvironment-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-core-interlocked-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-core-synch-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-crt-heap-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-core-timezone-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-crt-environment-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-core-string-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-core-sysinfo-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: python3.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-core-processthreads-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-core-heap-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-core-file-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-core-console-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-core-processthreads-l1-1-1.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-crt-stdio-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-crt-multibyte-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-core-errorhandling-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-crt-conio-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-core-rtlsupport-l1-1-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-core-synch-l1-2-0.dll.3.dr; Static PE information: No import functions for PE file found
      Source: api-ms-win-core-handle-l1-1-0.dll.3.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-debug-l1-1-0.dll.3.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-memory-l1-1-0.dll.3.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-utility-l1-1-0.dll.3.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-string-l1-1-0.dll.3.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-file-l2-1-0.dll.3.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-runtime-l1-1-0.dll.3.drStatic PE information: No import functions for PE file found
      Source: r-c.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /f
      Source: 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: Windows_Trojan_Quasarrat_e52df647 reference_sample = a58efd253a25cc764d63476931da2ddb305a0328253a810515f6735a6690de1d, os = windows, severity = x86, creation_date = 2021-06-27, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Quasarrat, fingerprint = c888f0856c6568b83ab60193f8144a61e758e6ff53f6ead8565282ae8b3a9815, id = e52df647-c197-4790-b051-8951fba80c3b, last_modified = 2021-08-23
      Source: 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: implant_win_quasarrat author = Sekoia.io, description = Detect QuasarRAT (reted from samples 2023-03), creation_date = 2023-03-17, classification = TLP:CLEAR, version = 1.0, reference = https://blog.alyac.co.kr/5103, id = 492fdffc-8e5f-4225-a2eb-cd6d80e6bcb8
      Source: 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: Quasar hash1 = 390c1530ff62d8f4eddff0ac13bc264cbf4183e7e3d6accf8f721ffc5250e724, author = JPCERT/CC Incident Response Group, description = detect Remcos in memory, rule_usage = memory scan
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, type: DROPPEDMatched rule: Windows_Trojan_Quasarrat_e52df647 reference_sample = a58efd253a25cc764d63476931da2ddb305a0328253a810515f6735a6690de1d, os = windows, severity = x86, creation_date = 2021-06-27, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Quasarrat, fingerprint = c888f0856c6568b83ab60193f8144a61e758e6ff53f6ead8565282ae8b3a9815, id = e52df647-c197-4790-b051-8951fba80c3b, last_modified = 2021-08-23
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, type: DROPPEDMatched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, type: DROPPEDMatched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, type: DROPPEDMatched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, type: DROPPEDMatched rule: Vermin_Keylogger_Jan18_1 date = 2018-01-29, hash5 = 24956d8edcf2a1fd26805ec58cfd1ee7498e1a59af8cc2f4b832a7ab34948c18, hash4 = 4c5e019e0e55a3fe378aa339d52c235c06ecc5053625a5d54d65c4ae38c6e3da, hash3 = 0157b43eb3c20928b77f8700ad8eb279a0aa348921df074cd22ebaff01edaae6, hash2 = e1d917769267302d58a2fd00bc49d4aee5a472227a75f9366b46ce243e9cbef7, hash1 = 74ba162eef84bf13d1d79cb26192a4692c09fed57f321230ddb7668a88e3935d, author = Florian Roth, description = Detects Vermin Keylogger, hash6 = 2963c5eacaad13ace807edd634a4a5896cb5536f961f43afcf8c1f25c08a5eef, reference = https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, type: DROPPEDMatched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, type: DROPPEDMatched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, type: DROPPEDMatched rule: implant_win_quasarrat author = Sekoia.io, description = Detect QuasarRAT (reted from samples 2023-03), creation_date = 2023-03-17, classification = TLP:CLEAR, version = 1.0, reference = https://blog.alyac.co.kr/5103, id = 492fdffc-8e5f-4225-a2eb-cd6d80e6bcb8
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, type: DROPPEDMatched rule: Quasar hash1 = 390c1530ff62d8f4eddff0ac13bc264cbf4183e7e3d6accf8f721ffc5250e724, author = JPCERT/CC Incident Response Group, description = detect Remcos in memory, rule_usage = memory scan
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, type: DROPPEDMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, type: DROPPEDMatched rule: MALWARE_Win_QuasarRAT author = ditekSHen, description = QuasarRAT payload
      Source: libcrypto-1_1.dll.3.drStatic PE information: Section: UPX1 ZLIB complexity 0.9987735523897059
      Source: libssl-1_1.dll.3.drStatic PE information: Section: UPX1 ZLIB complexity 0.9903690732758621
      Source: python310.dll.3.drStatic PE information: Section: UPX1 ZLIB complexity 0.9989668051626591
      Source: pythoncom310.dll.3.drStatic PE information: Section: UPX1 ZLIB complexity 0.9899098376132931
      Source: sqlite3.dll.3.drStatic PE information: Section: UPX1 ZLIB complexity 0.9974886012158704
      Source: unicodedata.pyd.3.drStatic PE information: Section: UPX1 ZLIB complexity 0.9949454842032966
      Source: shell.pyd.3.drStatic PE information: Section: UPX1 ZLIB complexity 0.9900203339041096
      Source: win32ui.pyd.3.drStatic PE information: Section: UPX1 ZLIB complexity 0.9930103058510639
      Source: _ec_ws.pyd.3.drStatic PE information: Section: UPX1 ZLIB complexity 0.997811369573955
      Source: _imaging.cp310-win_amd64.pyd.3.drStatic PE information: Section: UPX1 ZLIB complexity 0.9979345034246575
      Source: _imagingft.cp310-win_amd64.pyd.3.drStatic PE information: Section: UPX1 ZLIB complexity 0.9982498724016332
      Source: _webp.cp310-win_amd64.pyd.3.drStatic PE information: Section: UPX1 ZLIB complexity 0.9935926258992805
      Source: main.exe, 00000006.00000002.1376116768.000001C0248A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: *.vbp!
      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@38/167@6/6
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Roaming\empyrean
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7016:120:WilError_03
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeMutant created: NULL
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeMutant created: \Sessions\1\BaseNamedObjects\QSR_MUTEX_u4SGx4JeBWr8883ebl
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4988:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2300:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1316:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6788:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6864:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:880:120:WilError_03
      Source: C:\Users\user\Desktop\r-c.exeFile created: C:\Users\user\AppData\Local\Temp\nsxE00F.tmp
      Source: C:\Users\user\AppData\Local\Temp\main.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /t REG_SZ /d C:\Users\user\AppData\Roaming\empyrean\run.bat /f"
      Source: r-c.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
      Source: C:\Users\user\AppData\Local\Temp\main.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
      Source: C:\Users\user\AppData\Local\Temp\main.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
      Source: C:\Users\user\AppData\Local\Temp\main.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
      Source: C:\Users\user\Desktop\r-c.exeFile read: C:\Users\desktop.ini
      Source: C:\Users\user\Desktop\r-c.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: main.exe, 00000006.00000002.1430892545.00007FFF284E1000.00000040.00000001.01000000.00000023.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
      Source: main.exe, 00000006.00000002.1430892545.00007FFF284E1000.00000040.00000001.01000000.00000023.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
      Source: main.exe, 00000006.00000002.1430892545.00007FFF284E1000.00000040.00000001.01000000.00000023.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
      Source: main.exe, 00000006.00000002.1430892545.00007FFF284E1000.00000040.00000001.01000000.00000023.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
      Source: main.exe, 00000006.00000002.1430892545.00007FFF284E1000.00000040.00000001.01000000.00000023.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
      Source: main.exe, 00000006.00000002.1430892545.00007FFF284E1000.00000040.00000001.01000000.00000023.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
      Source: login_db.6.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
      Source: main.exe, 00000006.00000002.1430892545.00007FFF284E1000.00000040.00000001.01000000.00000023.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
      Source: r-c.exeVirustotal: Detection: 76%
      Source: r-c.exeReversingLabs: Detection: 87%
      Source: C:\Users\user\Desktop\r-c.exeFile read: C:\Users\user\Desktop\r-c.exe
      Source: unknownProcess created: C:\Users\user\Desktop\r-c.exe "C:\Users\user\Desktop\r-c.exe"
      Source: C:\Users\user\Desktop\r-c.exeProcess created: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe "C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe"
      Source: C:\Users\user\Desktop\r-c.exeProcess created: C:\Users\user\AppData\Local\Temp\main.exe "C:\Users\user\AppData\Local\Temp\main.exe"
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "schtasks" /create /tn "Windows MicroSoft Smart" /sc ONLOGON /tr "C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe" /rl HIGHEST /f
      Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\AppData\Local\Temp\main.exeProcess created: C:\Users\user\AppData\Local\Temp\main.exe "C:\Users\user\AppData\Local\Temp\main.exe"
      Source: C:\Users\user\AppData\Local\Temp\main.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\AppData\Local\Temp\main.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /f"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /f
      Source: C:\Users\user\AppData\Local\Temp\main.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /t REG_SZ /d C:\Users\user\AppData\Roaming\empyrean\run.bat /f"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /t REG_SZ /d C:\Users\user\AppData\Roaming\empyrean\run.bat /f
      Source: C:\Users\user\AppData\Local\Temp\main.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
      Source: C:\Users\user\AppData\Local\Temp\main.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
      Source: C:\Users\user\AppData\Local\Temp\main.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
      Source: C:\Users\user\Desktop\r-c.exeSection loaded: apphelp.dll
      Source: C:\Users\user\Desktop\r-c.exeSection loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\r-c.exeSection loaded: userenv.dll
      Source: C:\Users\user\Desktop\r-c.exeSection loaded: version.dll
      Source: C:\Users\user\Desktop\r-c.exeSection loaded: shfolder.dll
      Source: C:\Users\user\Desktop\r-c.exeSection loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\r-c.exeSection loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\r-c.exeSection loaded: wldp.dll
      Source: C:\Users\user\Desktop\r-c.exeSection loaded: propsys.dll
      Source: C:\Users\user\Desktop\r-c.exeSection loaded: profapi.dll
      Source: C:\Users\user\Desktop\r-c.exeSection loaded: edputil.dll
      Source: C:\Users\user\Desktop\r-c.exeSection loaded: urlmon.dll
      Source: C:\Users\user\Desktop\r-c.exeSection loaded: iertutil.dll
      Source: C:\Users\user\Desktop\r-c.exeSection loaded: srvcli.dll
      Source: C:\Users\user\Desktop\r-c.exeSection loaded: netutils.dll
      Source: C:\Users\user\Desktop\r-c.exeSection loaded: windows.staterepositoryps.dll
      Source: C:\Users\user\Desktop\r-c.exeSection loaded: sspicli.dll
      Source: C:\Users\user\Desktop\r-c.exeSection loaded: wintypes.dll
      Source: C:\Users\user\Desktop\r-c.exeSection loaded: appresolver.dll
      Source: C:\Users\user\Desktop\r-c.exeSection loaded: bcp47langs.dll
      Source: C:\Users\user\Desktop\r-c.exeSection loaded: slc.dll
      Source: C:\Users\user\Desktop\r-c.exeSection loaded: sppc.dll
      Source: C:\Users\user\Desktop\r-c.exeSection loaded: onecorecommonproxystub.dll
      Source: C:\Users\user\Desktop\r-c.exeSection loaded: onecoreuapcommonproxystub.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: mscoree.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: kernel.appcore.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: version.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: vcruntime140_clr0400.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: ucrtbase_clr0400.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: uxtheme.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: windows.storage.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: wldp.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: profapi.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: cryptsp.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: rsaenh.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: cryptbase.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: wbemcomn.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: amsi.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: userenv.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: rasapi32.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: rasman.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: rtutils.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: mswsock.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: winhttp.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: iphlpapi.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: dhcpcsvc6.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: dhcpcsvc.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: dnsapi.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: winnsi.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: rasadhlp.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: fwpuclnt.dll
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeSection loaded: sspicli.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
      Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
      Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: vcruntime140.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: version.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: cryptsp.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: rsaenh.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: cryptbase.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: libffi-7.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: iphlpapi.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: vcruntime140_1.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: kernel.appcore.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: uxtheme.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: urlmon.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: iertutil.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: srvcli.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: netutils.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: secur32.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: sspicli.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: pdh.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: powrprof.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: umpdc.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: wtsapi32.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: libcrypto-1_1.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: libssl-1_1.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: libcrypto-1_1.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: mswsock.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: sqlite3.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: wbemcomn.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: amsi.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: userenv.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: profapi.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: sxs.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: dnsapi.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: rasadhlp.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: fwpuclnt.dll
      Source: C:\Users\user\AppData\Local\Temp\main.exeSection loaded: dpapi.dll
      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dll
      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dll
      Source: C:\Users\user\Desktop\r-c.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
      Source: r-c.exeStatic file information: File size 19429442 > 1048576
      Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\pythoncom.pdb source: main.exe, 00000006.00000002.1451804461.00007FFF28C81000.00000040.00000001.01000000.00000016.sdmp
      Source: Binary string: C:\A\40\b\bin\amd64\sqlite3.pdb source: main.exe, 00000006.00000002.1430892545.00007FFF284E1000.00000040.00000001.01000000.00000023.sdmp
      Source: Binary string: ucrtbase.pdb source: main.exe, 00000006.00000002.1471151147.00007FFF29AF1000.00000002.00000001.01000000.00000008.sdmp, ucrtbase.dll.3.dr
      Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\win32crypt.pdb source: main.exe, 00000006.00000002.1423020161.00007FFF280F1000.00000040.00000001.01000000.0000003F.sdmp
      Source: Binary string: C:\A\40\b\bin\amd64\python3.pdb source: main.exe, 00000006.00000002.1340989322.000001C022DC0000.00000002.00000001.01000000.0000000B.sdmp
      Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdbGCTL source: api-ms-win-crt-heap-l1-1-0.dll.3.dr
      Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: main.exe, 00000003.00000003.1145040855.0000027A56EEA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1473529072.00007FFF35401000.00000002.00000001.01000000.0000000A.sdmp
      Source: Binary string: C:\A\40\b\bin\amd64\python310.pdb source: main.exe, 00000006.00000002.1453898491.00007FFF29084000.00000040.00000001.01000000.00000009.sdmp
      Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\pywintypes.pdb source: main.exe, 00000006.00000002.1467466233.00007FFF299A1000.00000040.00000001.01000000.00000014.sdmp
      Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: main.exe, 00000003.00000003.1145202910.0000027A56EEA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1475976491.00007FFF3F525000.00000002.00000001.01000000.00000015.sdmp
      Source: Binary string: C:\A\40\b\bin\amd64\_lzma.pdbNN source: main.exe, 00000006.00000002.1468759486.00007FFF29A2C000.00000040.00000001.01000000.0000000F.sdmp
      Source: Binary string: C:\A\40\b\bin\amd64\_asyncio.pdb source: main.exe, 00000006.00000002.1427287776.00007FFF28251000.00000040.00000001.01000000.00000036.sdmp
      Source: Binary string: C:\A\40\b\bin\amd64\_lzma.pdb source: main.exe, 00000006.00000002.1468759486.00007FFF29A2C000.00000040.00000001.01000000.0000000F.sdmp
      Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdb source: mfc140u.dll.3.dr
      Source: Binary string: C:\A\40\b\bin\amd64\select.pdb source: main.exe, 00000006.00000002.1476527952.00007FFF41321000.00000040.00000001.01000000.00000012.sdmp
      Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\win32api.pdb!! source: main.exe, 00000006.00000002.1466828646.00007FFF29971000.00000040.00000001.01000000.00000017.sdmp
      Source: Binary string: C:\A\40\b\bin\amd64\unicodedata.pdb source: main.exe, 00000006.00000002.1435071530.00007FFF2878C000.00000040.00000001.01000000.00000021.sdmp
      Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdbGCTL source: mfc140u.dll.3.dr
      Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: api-ms-win-core-console-l1-1-0.dll.3.dr
      Source: Binary string: api-ms-win-crt-time-l1-1-0.pdbGCTL source: api-ms-win-crt-time-l1-1-0.dll.3.dr
      Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: main.exe, 00000006.00000002.1448491768.00007FFF28BE6000.00000040.00000001.01000000.0000001C.sdmp
      Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdbGCTL source: api-ms-win-core-timezone-l1-1-0.dll.3.dr
      Source: Binary string: api-ms-win-core-synch-l1-2-0.pdbGCTL source: api-ms-win-core-synch-l1-2-0.dll.3.dr
      Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\win32api.pdb source: main.exe, 00000006.00000002.1466828646.00007FFF29971000.00000040.00000001.01000000.00000017.sdmp
      Source: Binary string: C:\A\40\b\bin\amd64\_ssl.pdb source: main.exe, 00000006.00000002.1450692208.00007FFF28C31000.00000040.00000001.01000000.0000001B.sdmp
      Source: Binary string: ucrtbase.pdbUGP source: main.exe, 00000006.00000002.1471151147.00007FFF29AF1000.00000002.00000001.01000000.00000008.sdmp, ucrtbase.dll.3.dr
      Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1q 5 Jul 2022built on: Thu Aug 18 20:15:42 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: main.exe, 00000006.00000002.1439137715.00007FFF28A3E000.00000040.00000001.01000000.0000001D.sdmp
      Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: main.exe, 00000003.00000003.1145202910.0000027A56EEA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1475976491.00007FFF3F525000.00000002.00000001.01000000.00000015.sdmp
      Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: api-ms-win-crt-time-l1-1-0.dll.3.dr
      Source: Binary string: C:\A\40\b\bin\amd64\_decimal.pdb$$ source: main.exe, 00000006.00000002.1465950616.00007FFF29921000.00000040.00000001.01000000.00000018.sdmp
      Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: main.exe, 00000006.00000002.1448491768.00007FFF28BE6000.00000040.00000001.01000000.0000001C.sdmp
      Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll.3.dr
      Source: Binary string: C:\A\40\b\bin\amd64\_decimal.pdb source: main.exe, 00000006.00000002.1465950616.00007FFF29921000.00000040.00000001.01000000.00000018.sdmp
      Source: Binary string: C:\A\40\b\bin\amd64\_uuid.pdb source: main.exe, 00000006.00000002.1475621311.00007FFF3DCB1000.00000040.00000001.01000000.00000019.sdmp
      Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\pythoncom.pdb}},GCTL source: main.exe, 00000006.00000002.1451804461.00007FFF28C81000.00000040.00000001.01000000.00000016.sdmp
      Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: main.exe, 00000006.00000002.1439137715.00007FFF28A3E000.00000040.00000001.01000000.0000001D.sdmp
      Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: main.exe, 00000003.00000003.1145040855.0000027A56EEA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1473529072.00007FFF35401000.00000002.00000001.01000000.0000000A.sdmp
      Source: Binary string: C:\A\40\b\bin\amd64\_ctypes.pdb source: main.exe, 00000006.00000002.1472821110.00007FFF353C1000.00000040.00000001.01000000.0000000C.sdmp
      Source: Binary string: C:\A\40\b\bin\amd64\_sqlite3.pdb source: main.exe, 00000006.00000002.1434646811.00007FFF28661000.00000040.00000001.01000000.00000022.sdmp
      Source: Binary string: C:\A\40\b\bin\amd64\_queue.pdb source: main.exe, 00000006.00000002.1476210516.00007FFF412C1000.00000040.00000001.01000000.00000013.sdmp
      Source: Binary string: C:\A\40\b\bin\amd64\_overlapped.pdb source: main.exe, 00000006.00000002.1426974135.00007FFF28241000.00000040.00000001.01000000.00000037.sdmp
      Source: Binary string: api-ms-win-core-string-l1-1-0.pdbGCTL source: api-ms-win-core-string-l1-1-0.dll.3.dr
      Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.3.dr
      Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: api-ms-win-crt-utility-l1-1-0.dll.3.dr
      Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: api-ms-win-core-timezone-l1-1-0.dll.3.dr
      Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: api-ms-win-core-string-l1-1-0.dll.3.dr
      Source: Binary string: api-ms-win-core-console-l1-1-0.pdbGCTL source: api-ms-win-core-console-l1-1-0.dll.3.dr
      Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdbGCTL source: api-ms-win-crt-utility-l1-1-0.dll.3.dr
      Source: Binary string: C:\A\40\b\bin\amd64\_socket.pdb source: main.exe, 00000006.00000002.1471985258.00007FFF2E7F1000.00000040.00000001.01000000.00000011.sdmp
      Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\pywintypes.pdb** source: main.exe, 00000006.00000002.1467466233.00007FFF299A1000.00000040.00000001.01000000.00000014.sdmp
      Source: Binary string: C:\A\40\b\bin\amd64\_bz2.pdb source: main.exe, 00000006.00000002.1472428520.00007FFF2E811000.00000040.00000001.01000000.0000000E.sdmp
      Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdbGCTL source: api-ms-win-core-processthreads-l1-1-1.dll.3.dr
      Source: Binary string: C:\A\40\b\bin\amd64\_hashlib.pdb source: main.exe, 00000006.00000002.1438750555.00007FFF287D1000.00000040.00000001.01000000.0000001E.sdmp
      Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: main.exe, 00000006.00000002.1439137715.00007FFF28AC0000.00000040.00000001.01000000.0000001D.sdmp
      Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: api-ms-win-crt-heap-l1-1-0.dll.3.dr
      Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\win32crypt.pdb!! source: main.exe, 00000006.00000002.1423020161.00007FFF280F1000.00000040.00000001.01000000.0000003F.sdmp
      Source: Binary string: C:\A\40\b\bin\amd64\pyexpat.pdb source: main.exe, 00000006.00000002.1468088522.00007FFF299D1000.00000040.00000001.01000000.00000010.sdmp
      Source: api-ms-win-core-string-l1-1-0.dll.3.drStatic PE information: 0x874983C1 [Wed Dec 4 03:53:37 2041 UTC]
      Source: main.exe.0.drStatic PE information: section name: _RDATA
      Source: libffi-7.dll.3.drStatic PE information: section name: UPX2
      Source: mfc140u.dll.3.drStatic PE information: section name: .didat
      Source: VCRUNTIME140.dll.3.drStatic PE information: section name: _RDATA
      Source: initial sampleStatic PE information: section name: UPX0
      Source: initial sampleStatic PE information: section name: UPX1

      Persistence and Installation Behavior

      Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_ARC4.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\aiohttp\_helpers.cp310-win_amd64.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\mfc140u.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\PublicKey\_ed448.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\psutil\_psutil_windows.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\charset_normalizer\md.cp310-win_amd64.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\libcrypto-1_1.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_MD5.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\unicodedata.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\win32crypt.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_keccak.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\frozenlist\_frozenlist.cp310-win_amd64.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\_hashlib.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\_uuid.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\_asyncio.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\PIL\_imaging.cp310-win_amd64.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\PublicKey\_ec_ws.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_cast.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\r-c.exeFile created: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\_lzma.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\charset_normalizer\md__mypyc.cp310-win_amd64.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_cfb.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\yarl\_quoting_c.cp310-win_amd64.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\aiohttp\_websocket.cp310-win_amd64.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\PublicKey\_x25519.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\VCRUNTIME140.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_ctr.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\pythoncom310.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-core-file-l2-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_ghash_portable.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\select.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_BLAKE2s.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\win32ui.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\_ctypes.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\python310.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_Salsa20.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Util\_cpuid_c.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Math\_modexp.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-core-string-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\multidict\_multidict.cp310-win_amd64.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\_queue.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\win32api.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-core-util-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\_ssl.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_MD2.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\libffi-7.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\_sqlite3.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_aes.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\PIL\_webp.cp310-win_amd64.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-core-console-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_ocb.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\_overlapped.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\win32com\shell\shell.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_ofb.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\ucrtbase.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\python3.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\pyexpat.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\PIL\_imagingcms.cp310-win_amd64.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\_decimal.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_SHA256.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_MD4.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\libssl-1_1.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\aiohttp\_http_parser.cp310-win_amd64.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\aiohttp\_http_writer.cp310-win_amd64.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-core-file-l1-2-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Roaming\empyrean\dat.txtJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\_socket.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_BLAKE2b.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\win32trace.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\pywintypes310.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_poly1305.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_des3.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Util\_strxor.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\_bz2.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_cbc.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\PublicKey\_ed25519.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_arc2.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_SHA384.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_ghash_clmul.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_ecb.pydJump to dropped file
      Source: C:\Users\user\Desktop\r-c.exeFile created: C:\Users\user\AppData\Local\Temp\main.exeJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Protocol\_scrypt.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\PIL\_imagingtk.cp310-win_amd64.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\_multiprocessing.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_SHA224.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_SHA1.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-core-file-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_RIPEMD160.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_aesni.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\VCRUNTIME140_1.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_des.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\sqlite3.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\_win32sysloader.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_chacha20.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\PIL\_imagingft.cp310-win_amd64.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_SHA512.pydJump to dropped file

      Boot Survival

      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks" /create /tn "Windows MicroSoft Smart" /sc ONLOGON /tr "C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe" /rl HIGHEST /f
      Source: C:\Windows\System32\reg.exe, Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run empyrean

      Hooking and other Techniques for Hiding and Protection

      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, File opened: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe:Zone.Identifier read attributes | delete
      Source: C:\Users\user\Desktop\r-c.exe, Process information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Process information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\main.exe, Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\wbem\WMIC.exe, Process information set: NOOPENFILEERRORBOX

      Malware Analysis System Evasion

      Source: C:\Users\user\AppData\Local\Temp\main.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Memory allocated: 2830000 memory reserve | memory write watch
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Memory allocated: 2A30000 memory reserve | memory write watch
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Memory allocated: 2860000 memory reserve | memory write watch
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Window / User API: threadDelayed 424
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Window / User API: threadDelayed 1451
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Window / User API: threadDelayed 7970
      Source: C:\Users\user\AppData\Local\Temp\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57002\aiohttp\_helpers.cp310-win_amd64.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_ARC4.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57002\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57002\mfc140u.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\PublicKey\_ed448.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57002\charset_normalizer\md.cp310-win_amd64.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57002\psutil\_psutil_windows.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_MD5.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57002\unicodedata.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe TID: 4884; Thread sleep count: 100 > 30
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe TID: 4884; Thread sleep time: -250000s >= -30000s
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe TID: 3020; Thread sleep count: 424 > 30
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe TID: 3020; Thread sleep count: 1451 > 30
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe TID: 4884; Thread sleep count: 7970 > 30
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe TID: 4884; Thread sleep time: -19925000s >= -30000s
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BIOS
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_ComputerSystem
      Source: C:\Windows\System32\wbem\WMIC.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
      Source: C:\Users\user\AppData\Local\Temp\main.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
      Source: C:\Windows\System32\conhost.exe; Last function: Thread delayed
      Source: C:\Users\user\AppData\Local\Temp\main.exe; File Volume queried: C:\ FullSizeInformation
      Source: C:\Users\user\AppData\Local\Temp\main.exe; Process information queried: ProcessInformation
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe; Process token adjusted: Debug
      Source: C:\Users\user\AppData\Local\Temp\main.exe; Process token adjusted: Debug
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe; Memory allocated: page read and write | page guard
      Source: C:\Users\user\Desktop\r-c.exe; Process created: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe "C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe"
      Source: C:\Users\user\Desktop\r-c.exe; Process created: C:\Users\user\AppData\Local\Temp\main.exe "C:\Users\user\AppData\Local\Temp\main.exe"
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe; Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks" /create /tn "Windows MicroSoft Smart" /sc ONLOGON /tr "C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe" /rl HIGHEST /f
      Source: C:\Users\user\AppData\Local\Temp\main.exe; Process created: C:\Users\user\AppData\Local\Temp\main.exe "C:\Users\user\AppData\Local\Temp\main.exe"
      Source: C:\Users\user\AppData\Local\Temp\main.exe; Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
      Source: C:\Users\user\AppData\Local\Temp\main.exe; Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /f"
      Source: C:\Users\user\AppData\Local\Temp\main.exe; Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /t REG_SZ /d C:\Users\user\AppData\Roaming\empyrean\run.bat /f"
      Source: C:\Users\user\AppData\Local\Temp\main.exe; Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
      Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\reg.exe reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /f
      Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /t REG_SZ /d C:\Users\user\AppData\Roaming\empyrean\run.bat /f
      Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\wbem\WMIC.exe C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe; Queries volume information: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\aiohttp VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\aiohttp VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\charset_normalizer VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\altgraph-0.17.4.dist-info VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\altgraph-0.17.4.dist-info VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\altgraph-0.17.4.dist-info VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\altgraph-0.17.4.dist-info VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\attrs-23.1.0.dist-info VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\attrs-23.1.0.dist-info VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\attrs-23.1.0.dist-info VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\attrs-23.1.0.dist-info VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\attrs-23.1.0.dist-info VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\pyinstaller-5.1.dist-info VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\pyinstaller-5.1.dist-info VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\pyinstaller-5.1.dist-info VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\ucrtbase.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002 VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002 VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002 VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002 VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002 VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\_ctypes.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002 VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002 VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\_bz2.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002 VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\_lzma.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002 VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\pyexpat.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002 VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\_socket.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002 VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\select.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002 VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002 VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\_queue.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\pywintypes310.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\pythoncom310.dll VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\win32api.pyd VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\win32com VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\altgraph-0.17.4.dist-info VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\attrs-23.1.0.dist-info VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\pyinstaller-5.1.dist-info VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\tmpq5wi8wq7 VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\_decimal.pyd VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\_uuid.pyd VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\psutil VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\psutil\_psutil_windows.pyd VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\_ssl.pyd VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\_hashlib.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002 VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002 VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002 VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\charset_normalizer VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\charset_normalizer VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\charset_normalizer VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\charset_normalizer\md.cp310-win_amd64.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\charset_normalizer VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\charset_normalizer\md__mypyc.cp310-win_amd64.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002 VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002\unicodedata.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002 VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002 VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\main.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57002 VolumeInformationJump to behavior
      Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

      Stealing of Sensitive Information

      Source: Yara match. File source: C:\Users\user\AppData\Local\Temp\main.exe, type: DROPPED
      Source: Yara match. File source: C:\Users\user\AppData\Roaming\empyrean\dat.txt, type: DROPPED
      Source: Yara match. File source: Process Memory Space: main.exe PID: 3968, type: MEMORYSTR
      Source: Yara match. File source: 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
      Source: Yara match. File source: Process Memory Space: Windows MicroSoft Smart.exe PID: 4360, type: MEMORYSTR
      Source: Yara match. File source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, type: DROPPED
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\datareporting\glean\events
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\datareporting\archived
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\webappsstore.sqlite
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\datareporting\glean\tmp
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cookies.sqlite
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\bookmarkbackups
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\content-prefs.sqlite
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\permanent
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\places.sqlite
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage.sqlite
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\default
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\ls-archive.sqlite
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\temporary
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\datareporting\glean
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\datareporting\archived\2023-10
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\minidumps
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\datareporting\glean\pending_pings
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\to-be-removed
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\favicons.sqlite
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\permanent\chrome
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\datareporting\glean\db
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\permissions.sqlite
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\security_state
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\permanent\chrome\idb\2918063365piupsah.files
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\datareporting
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\m8f4v4pw.default
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\permanent\chrome\idb
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\protections.sqlite
      Source: C:\Users\user\AppData\Local\Temp\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes\events

      Remote Access Functionality

      Source: C:\Users\user\AppData\Local\Temp\main.exe File created: C:\Users\user\AppData\Roaming\empyrean\dat.txt
      Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe Mutex created: \Sessions\1\BaseNamedObjects\QSR_MUTEX_u4SGx4JeBWr8883ebl
      Source: Yara match. File source: C:\Users\user\AppData\Local\Temp\main.exe, type: DROPPED
      Source: Yara match. File source: C:\Users\user\AppData\Roaming\empyrean\dat.txt, type: DROPPED
      Source: Yara match. File source: Process Memory Space: main.exe PID: 3968, type: MEMORYSTR
      Source: Yara match. File source: 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
      Source: Yara match. File source: Process Memory Space: Windows MicroSoft Smart.exe PID: 4360, type: MEMORYSTR
      Source: Yara match. File source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, type: DROPPED

      Reconnaissance: Gather Victim Identity Information | Credentials | Email Addresses | Employee Names | Gather Victim Network Information | Domain Properties | DNS | Network Trust Dependencies | Network Topology | IP Addresses
      Resource Development: Scripting (1) | Domains | DNS Server | Virtual Private Server | Server | Botnet | Web Services | Serverless | Malvertising | Compromise Infrastructure
      Initial Access: Valid Accounts | Default Accounts | Domain Accounts | Local Accounts | Cloud Accounts | Replication Through Removable Media | External Remote Services | Drive-by Compromise | Exploit Public-Facing Application | Supply Chain Compromise
      Execution: Windows Management Instrumentation (141) | Command and Scripting Interpreter (1) | Scheduled Task/Job (1) | Cron | Launchd | Scheduled Task | Systemd Timers | Container Orchestration Job | Command and Scripting Interpreter | PowerShell
      Persistence: Scripting (1) | DLL Side-Loading (1) | Scheduled Task/Job (1) | Registry Run Keys / Startup Folder (1) | Network Logon Script | RC Scripts | Startup Items | Scheduled Task/Job | At | Cron
      Privilege Escalation: DLL Side-Loading (1) | Process Injection (11) | Scheduled Task/Job (1) | Registry Run Keys / Startup Folder (1) | Network Logon Script | RC Scripts | Startup Items | Scheduled Task/Job | At | Cron
      Defense Evasion: Disable or Modify Tools (1) | Obfuscated Files or Information (1) | Software Packing (11) | Timestomp (1) | DLL Side-Loading (1) | Masquerading (11) | Modify Registry (1) | Virtualization/Sandbox Evasion (14) | Process Injection (11) | Hidden Files and Directories (1)
      Credential Access: OS Credential Dumping (1) | LSASS Memory | Security Account Manager | NTDS | LSA Secrets | Cached Domain Credentials | DCSync | Proc Filesystem | /etc/passwd and /etc/shadow | Network Sniffing
      Discovery: File and Directory Discovery (1) | System Information Discovery (34) | Security Software Discovery (231) | Virtualization/Sandbox Evasion (14) | Process Discovery (1) | Application Window Discovery (1) | System Network Configuration Discovery (1) | System Owner/User Discovery | Network Sniffing | Network Service Discovery
      Lateral Movement: Remote Services | Remote Desktop Protocol | SMB/Windows Admin Shares | Distributed Component Object Model | SSH | VNC | Windows Remote Management | Cloud Services | Direct Cloud VM Connections | Shared Webroot
      Collection: Data from Local System (1) | Data from Removable Media | Data from Network Shared Drive | Input Capture | Keylogging | GUI Input Capture | Web Portal Capture | Credential API Hooking | Data Staged | Local Data Staging
      Command and Control: Ingress Tool Transfer (1) | Encrypted Channel (2) | Non-Standard Port (1) | Remote Access Software (2) | Non-Application Layer Protocol (2) | Application Layer Protocol (113) | Commonly Used Port | Application Layer Protocol | Web Protocols | File Transfer Protocols
      Exfiltration: Exfiltration Over Other Network Medium | Exfiltration Over Bluetooth | Automated Exfiltration | Traffic Duplication | Scheduled Transfer | Data Transfer Size Limits | Exfiltration Over C2 Channel | Exfiltration Over Alternative Protocol | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
      Impact: Abuse Accessibility Features | Network Denial of Service | Data Encrypted for Impact | Data Destruction | Data Encrypted for Impact | Service Stop | Inhibit System Recovery | Defacement | Internal Defacement | External Defacement
      Behavior Graph ID: 1629307, Sample: r-c.exe, Startdate: 04/03/2025, Architecture: WINDOWS, Score: 100

      Signatures: Suricata IDS alerts for network traffic; Malicious sample detected (through community Yara rule); Antivirus detection for dropped file; 10 other signatures
      Domains: caidume1368.ddns.net (Uses dynamic DNS services); www.cloudflare.com; 4 other IPs or domains

      r-c.exe
        dropped: C:\Users\user\AppData\Local\Temp\main.exe, PE32+
        dropped: C:\Users\user\...\Windows MicroSoft Smart.exe, PE32
        started: main.exe
          dropped: C:\Users\...\_quoting_c.cp310-win_amd64.pyd, PE32+
          dropped: C:\Users\user\AppData\Local\...\win32ui.pyd, PE32+
          dropped: C:\Users\user\AppData\...\win32trace.pyd, PE32+
          dropped: 126 other malicious files
          signature: Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
          started: main.exe
            network: raw.githubusercontent.com 185.199.111.133, 443, 49707 FASTLYUS Netherlands
            network: www.cloudflare.com 104.16.124.96, 443, 49712 CLOUDFLARENETUS United States
            network: 2 other IPs or domains
            dropped: C:\Users\user\AppData\Roaming\...\dat.txt, PE32+
            signature: Detected Empyrean Stealer
            signature: Tries to harvest and steal browser information (history, passwords, etc)
            started: cmd.exe (signature: Uses cmd line tools excessively to alter registry or file data), which started conhost.exe and reg.exe
            started: cmd.exe, which started conhost.exe and reg.exe
            started: cmd.exe, which started conhost.exe
            started: 3 other processes, which started conhost.exe, WMIC.exe, conhost.exe and 3 other processes
        started: Windows MicroSoft Smart.exe
          network: caidume1368.ddns.net 27.70.212.17, 49699, 8848 VIETEL-AS-APViettelGroupVN Viet Nam
          network: ip-api.com 208.95.112.1, 49698, 80 TUT-ASUS United States
          signature: Detected Quasar RAT
          signature: Hides that the sample has been downloaded from the Internet (zone.identifier)
          started: schtasks.exe, which started conhost.exe

      Source | Detection | Scanner | Label
      r-c.exe | 76% | Virustotal |
      r-c.exe | 88% | ReversingLabs | ByteCode-MSIL.Backdoor.Quasar
      r-c.exe | 100% | Avira | HEUR/AGEN.1338659

      Source | Detection | Scanner | Label
      C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe | 100% | Avira | HEUR/AGEN.1305744
      C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe | 92% | ReversingLabs | ByteCode-MSIL.Backdoor.Quasar
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_ARC4.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_Salsa20.pyd | 4% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_chacha20.pyd | 4% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_pkcs1_decode.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_aes.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_aesni.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_arc2.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_blowfish.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_cast.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_cbc.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_cfb.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_ctr.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_des.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_des3.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_ecb.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_eksblowfish.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_ocb.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_raw_ofb.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_BLAKE2b.pyd | 4% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_BLAKE2s.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_MD2.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_MD4.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_MD5.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_RIPEMD160.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_SHA1.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_SHA224.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_SHA256.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_SHA384.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_SHA512.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_ghash_clmul.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_ghash_portable.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_keccak.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Hash\_poly1305.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Math\_modexp.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Protocol\_scrypt.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\PublicKey\_ec_ws.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\PublicKey\_ed25519.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\PublicKey\_ed448.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\PublicKey\_x25519.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Util\_cpuid_c.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Util\_strxor.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\PIL\_imaging.cp310-win_amd64.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\PIL\_imagingcms.cp310-win_amd64.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\PIL\_imagingft.cp310-win_amd64.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\PIL\_imagingtk.cp310-win_amd64.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\PIL\_webp.cp310-win_amd64.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\VCRUNTIME140.dll | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\VCRUNTIME140_1.dll | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\_asyncio.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\_bz2.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\_ctypes.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\_decimal.pyd | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\_hashlib.pyd | 4% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\_MEI57002\_lzma.pyd | 0% | ReversingLabs |
      No Antivirus matches
      No Antivirus matches
      Source                                                                    Detection   Scanner           Label   Link
      http://timgolden.me.uk/python/wmi.htmlread                                0%          Avira URL Cloud   safe
      https://pygments.org/docs/lexers/)                                        0%          Avira URL Cloud   safe
      http://ocsp.accv.esk                                                      0%          Avira URL Cloud   safe
      http://repository.swisssign.com/y                                         0%          Avira URL Cloud   safe
      https://pygments.org/docs/styles/#getting-a-list-of-available-styles).    0%          Avira URL Cloud   safe
      http://repository.swisssign.com/a                                         0%          Avira URL Cloud   safe
      Name                        IP                Active   Malicious   Antivirus Detection   Reputation
      ipapi.co                    104.26.8.44       true     false                             high
      discord.com                 162.159.136.232   true     false                             high
      www.cloudflare.com          104.16.124.96     true     false                             high
      raw.githubusercontent.com   185.199.111.133   true     false                             high
      ip-api.com                  208.95.112.1      true     false                             high
      caidume1368.ddns.net        27.70.212.17      true     true                              unknown
      Name                       Malicious   Antivirus Detection   Reputation
      http://ip-api.com/json/    false                             high

      Name   Source   Malicious   Antivirus Detection   Reputation
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                unknown
                                                                                                                                                http://crl.securetrust.com/SGCA.crl0main.exe, 00000006.00000002.1388543388.000001C024FA2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://crl.securetrust.com/SGCA.crl1main.exe, 00000006.00000003.1243824418.000001C025234000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://open.spotify.com/track/main.exe, 00000006.00000002.1404094524.000001C025C90000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://account.bellmedia.cmain.exe, 00000006.00000003.1224414395.000001C027218000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000006.00000003.1303057263.000001C02525B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1222568591.000001C025258000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1416382023.000001C0272E8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://gist.github.com/XVilka/8346728main.exe, 00000006.00000003.1307678048.000001C023EC9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://login.microsoftonline.commain.exe, 00000006.00000003.1224414395.000001C027230000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000006.00000002.1416382023.000001C0272F8000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000006.00000003.1224414395.000001C027204000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000006.00000003.1224414395.000001C027260000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://raw.githubusercontent.com/addi00000/empyrean-injection/main/obfuscated.jsmain.exe, 00000006.00000002.1413819506.000001C026110000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://www.quovadisglobal.com/cps0main.exe, 00000006.00000003.1204468947.000001C02516C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1244021514.000001C0250DB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1297957079.000001C025537000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://github.com/Rapptz/discord.pymain.exe, 00000006.00000002.1401770832.000001C025B90000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://github.com/pyparsing/pyparsing/wikimain.exe, 00000006.00000003.1320701844.000001C023984000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://www.zhihu.com/main.exe, 00000006.00000003.1224414395.000001C0271E0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000006.00000003.1224414395.000001C0272A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://pygments.org/docs/styles/#getting-a-list-of-available-styles).main.exe, 00000006.00000003.1183723278.000001C023F68000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1360027418.000001C02402C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                      unknown
                                                                                                                                                                      http://docs.python.org/library/itertools.html#recipesmain.exe, 00000006.00000002.1352731763.000001C023B20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbcamain.exe, 00000006.00000002.1352731763.000001C023B20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://www.cert.fnmt.es/dpcs/nmain.exe, 00000006.00000003.1204468947.000001C025097000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/main.exe, 00000006.00000003.1326326520.000001C023955000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://www.amazon.co.uk/main.exe, 00000006.00000003.1224414395.000001C027260000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://ocsp.accv.es0main.exe, 00000006.00000003.1245713691.000001C0251F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1391797981.000001C0252D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1204468947.000001C025065000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1220521710.000001C024056000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1246952723.000001C024063000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1304662600.000001C0252CF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://media.discordapp.net/main.exe, 00000006.00000002.1404094524.000001C025C90000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://www.python.org/main.exe, 00000006.00000003.1183723278.000001C024002000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1220521710.000001C024022000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1360027418.000001C024022000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1298285640.000001C02401F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1190758245.000001C024022000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1322724372.000001C02401F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1247659098.000001C024022000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://pygments.org/docs/lexers/)main.exe, 00000006.00000003.1322724372.000001C024033000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1358483751.000001C023F5F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1220521710.000001C024022000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1179563537.000001C024032000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1190758245.000001C024032000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1247659098.000001C024031000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1183723278.000001C024032000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1316116550.000001C024031000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1183723278.000001C023F68000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1360027418.000001C02402C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                                      unknown
                                                                                                                                                                                      https://www.python.org/dev/peps/pep-0205/main.exe, 00000006.00000002.1352731763.000001C023B20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://crl.securetrust.com/SGCA.crlzmain.exe, 00000006.00000003.1302075681.000001C0253AD000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1391891198.000001C0253BB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1307303935.000001C0253BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://www.wykop.pl/main.exe, 00000006.00000003.1224414395.000001C027230000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://twitter.com/main.exe, 00000006.00000003.1331827167.000001C02404C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1334376990.000001C023949000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1183723278.000001C024032000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1190758245.000001C024050000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1224414395.000001C027290000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://docs.python.org/3/library/pprint.html#pprint.pprintmain.exe, 00000006.00000003.1334376990.000001C023949000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://www.olx.pl/main.exe, 00000006.00000003.1224414395.000001C0271E0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000006.00000003.1224414395.000001C0272A0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000006.00000003.1224414395.000001C027290000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://support.mozilla.org/products/firefoxmain.exe, 00000006.00000003.1212789399.000001C025261000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1389588174.000001C0250F8000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1244021514.000001C0250DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    http://www.quovadisglobal.com/cpsmain.exe, 00000006.00000003.1324300992.000001C023D48000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://github.com/pyinstaller/pyinstaller.COPYING.txt.3.drfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://google.com/mail/main.exe, 00000006.00000003.1332002607.000001C023F70000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          http://google.com/mail/main.exe, 00000006.00000003.1336559276.000001C023A93000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000002.1352326325.000001C023ABC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://tools.ietf.org/html/rfc5297main.exe, 00000006.00000002.1385441206.000001C024E3B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1334978964.000001C023D78000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1314970203.000001C023D5D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000006.00000003.1305128675.000001C024E3B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
IP | Domain | Country | ASN | ASN Name | Malicious
104.26.8.44 | ipapi.co | United States | 13335 | CLOUDFLARENETUS | false
208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | false
162.159.136.232 | discord.com | United States | 13335 | CLOUDFLARENETUS | false
27.70.212.17 | caidume1368.ddns.net | Viet Nam | 7552 | VIETEL-AS-APViettelGroupVN | true
185.199.111.133 | raw.githubusercontent.com | Netherlands | 54113 | FASTLYUS | false
104.16.124.96 | www.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1629307
Start date and time: 2025-03-04 16:00:44 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 14s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 33
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: r-c.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@38/167@6/6
Cookbook Comments:
                                                                                                                                                                                                              • Found application associated with file extension: .exe
                                                                                                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 4.175.87.197, 23.60.203.209, 13.107.246.60
                                                                                                                                                                                                              • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtSetInformationFile calls found.
Time      Type             Description
10:01:56  API Interceptor  3x Sleep call for process: WMIC.exe modified
10:02:22  API Interceptor  1758797x Sleep call for process: Windows MicroSoft Smart.exe modified
                                                                                                                                                                                                                                  • 104.21.32.1
                                                                                                                                                                                                                                  https://storage.googleapis.com/mokhtarabdilah/f-incgrp01.html#4qNfNs102759VNtL653wzimcwzwgi338XKVBUGHIIFOTIRG89013JQUH2654Q31Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 104.26.9.44
                                                                                                                                                                                                                                  ajt6dq7d.txt.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 172.67.69.226
                                                                                                                                                                                                                                  https://verification-center-10003235723.bridalgallerymaryville.com/?support-id-10015433Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 104.21.96.1
                                                                                                                                                                                                                                  https://verification-center-10003231800.bridalgallerymaryville.com/?support-id-10015433Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 104.21.64.1
                                                                                                                                                                                                                                  https://account-5015433.bakoweb.com/?support-id-10015433Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 104.21.32.1
                                                                                                                                                                                                                                  https://kol.vin/@azonus9yGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 104.21.16.1
                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                  CLOUDFLARENETUS57d92ae16c8766995a28d8a6b9f579739324d9e090bea.exeGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                                                                                                  • 104.26.1.231
                                                                                                                                                                                                                                  Re_ 23-005 Mosquito Control - Stonhard Subcontractor SOV request; PRN011991.emlGet hashmaliciousInvisible JSBrowse
                                                                                                                                                                                                                                  • 104.17.25.14
                                                                                                                                                                                                                                  https://mylarbagdesigns.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                  • 104.18.95.41
                                                                                                                                                                                                                                  https://www.7-star.kr/forward.php?url=https://nadn0s9.vercel.appGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 104.17.24.14
                                                                                                                                                                                                                                  https://choomtopsoal.net/afu.php?zoneid=6906804&var=6906804&rid=ksX-wKK1z8yLZCaWKyzJyw==&rhd=false&ab2r=0&sf=1&os=windows&os_version=10.0.0&is_mobile=false&browser_version=117.0.5938.134Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 104.18.41.22
                                                                                                                                                                                                                                  57d92ae16c8766995a28d8a6b9f579739324d9e090bea.exeGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                                                                                                  • 172.67.68.212
                                                                                                                                                                                                                                  8ab19998dc86c27d89cf727862b67a397c5fcba459c86.exeGet hashmaliciousNetSupport RAT, LummaC StealerBrowse
                                                                                                                                                                                                                                  • 104.21.88.16
                                                                                                                                                                                                                                  FACTURAS PENDIENTES.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                                                                  • 104.21.112.1
                                                                                                                                                                                                                                  HBL ASNLRU-20241001 & 20241002.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                                                                  • 104.21.32.1
                                                                                                                                                                                                                                  https://getrunkhomuto.info/aVBHWG5WMzRlDD08Dz0rGTIEEFslNXZsIQoFN202HmE9C10gdiY6GlRgYSoLDW12fh0EbXZuSAJtYS5TWH50bEBaZmlsSBokNGVeTyA1NlNZdiI1DFRgYSwHDW12aVtYZnVgSBsoPmVfUGJ3B19ZaHd%2BBwczemlaTyV6a11ZZHFgXlBjdG1cWGB%2Bfg8ONSRlX15kd2BbXmR0akgPI3ppSAQyLDpTW2F0dlxYaXFpWFtgc25XWWhyfhwMNnowGh0gNH1dKHV1HktbFjQsQAo4JiwPBzcodg0GPWJqKAFlYmooDipiaigbYHRoX1tldmhdXHV1HgcNfi8sAwV2KCscVDEkPRQdIi41HUcgJj8LGn4jPRhPOjQsU1l2IjYcVGBhNA0cMXo1ARM5KzQPTGIBbUBZdXVoRh45KTwBHiNial4HJGJqXlhgaWhLWhJial4eOSluWkxjBX1cWShxbEdMYnc5Hhk8Ii8LCzsuLEtbFnJrWUdjcX1cWXgsMBoEPGJqLUxidzQHAjVial4ONSQzAUB1dWgNASIoNQtMYgFpXVp%2Bd3ZeR2Bial4aMSE5HAB1dR5bWmdpa1hPJD08U0RoYS0CBjN6fgcPbXd%2BDR1tdH4NHTN6YUg2YQYqO1RhcGxeUWZ2YVpdaXFtSBwkNWlTWWF9bllTZHdsXk8lMypcVGBhLRobY3poSBwkNWxTWXYyLBxcbXd%2BGx0icWVeTyUzKllUYGEuDwU5I2VfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 104.18.41.22
                                                                                                                                                                                                                                  CLOUDFLARENETUShttps://arohx.cfd/mweb/mm2Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 104.17.25.14
                                                                                                                                                                                                                                  57d92ae16c8766995a28d8a6b9f579739324d9e090bea.exeGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                                                                                                  • 104.26.1.231
                                                                                                                                                                                                                                  Re_ 23-005 Mosquito Control - Stonhard Subcontractor SOV request; PRN011991.emlGet hashmaliciousInvisible JSBrowse
                                                                                                                                                                                                                                  • 104.17.25.14
                                                                                                                                                                                                                                  https://mylarbagdesigns.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                  • 104.18.95.41
                                                                                                                                                                                                                                  https://www.7-star.kr/forward.php?url=https://nadn0s9.vercel.appGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 104.17.24.14
                                                                                                                                                                                                                                  https://choomtopsoal.net/afu.php?zoneid=6906804&var=6906804&rid=ksX-wKK1z8yLZCaWKyzJyw==&rhd=false&ab2r=0&sf=1&os=windows&os_version=10.0.0&is_mobile=false&browser_version=117.0.5938.134Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 104.18.41.22
                                                                                                                                                                                                                                  57d92ae16c8766995a28d8a6b9f579739324d9e090bea.exeGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                                                                                                  • 172.67.68.212
                                                                                                                                                                                                                                  8ab19998dc86c27d89cf727862b67a397c5fcba459c86.exeGet hashmaliciousNetSupport RAT, LummaC StealerBrowse
                                                                                                                                                                                                                                  • 104.21.88.16
                                                                                                                                                                                                                                  FACTURAS PENDIENTES.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                                                                  • 104.21.112.1
                                                                                                                                                                                                                                  HBL ASNLRU-20241001 & 20241002.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                                                                  • 104.21.32.1
                                                                                                                                                                                                                                  TUT-ASUSORDER_66688IO875545422245.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  morninghtaaaafilex.htaGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  PO81025.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  Setup.exeGet hashmaliciousAveMaria, Clipboard Hijacker, StormKittyBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  Setup.exeGet hashmaliciousAveMaria, Clipboard Hijacker, StormKittyBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  reset.exeGet hashmaliciousAveMaria, Clipboard Hijacker, StormKittyBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  StormKittyBuild (3).exeGet hashmaliciousAveMaria, Clipboard Hijacker, StormKittyBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  ZZZ.exeGet hashmaliciousAveMaria, Clipboard Hijacker, StormKittyBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  ConsoleApplication4.exeGet hashmaliciousAveMaria, Clipboard Hijacker, StormKittyBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  Runtime Broker.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  VIETEL-AS-APViettelGroupVNna.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                  • 27.73.180.171
                                                                                                                                                                                                                                  jklarm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 115.73.120.194
                                                                                                                                                                                                                                  nklarm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 116.104.95.116
                                                                                                                                                                                                                                  mpsl.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 116.97.243.249
                                                                                                                                                                                                                                  nabppc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 171.228.160.75
                                                                                                                                                                                                                                  nabsh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 27.75.165.201
                                                                                                                                                                                                                                  splarm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 171.250.253.135
                                                                                                                                                                                                                                  nabarm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 115.73.120.92
                                                                                                                                                                                                                                  arm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 115.76.196.201
                                                                                                                                                                                                                                  splspc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 27.77.65.91
No context

Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\_MEI57002\Crypto\Cipher\_ARC4.pyd | NEVER OPEN!.exe | malicious | Python Stealer, Empyrean, Discord Token Stealer
 | Bootstrapper V1.19.exe | malicious | Python Stealer, Empyrean, Discord Token Stealer
 | VXLauncher.exe | malicious | Empyrean, Discord Token Stealer
 | LisectAVT_2403002A_210.exe | malicious | Python Stealer, Empyrean, Discord Token Stealer
 | Restortion.clinic.exe | malicious | Empyrean, Discord Token Stealer
 | 0x000700000001ac52-36.exe | malicious | Python Stealer, Empyrean, Discord Token Stealer
 | 8Zi7xnKKw7.exe | malicious | Python Stealer, DCRat, Discord Token Stealer, Empyrean
 | J54GP6x3r4.exe | malicious | DCRat, Discord Token Stealer, Empyrean
 | Bypass1.exe | malicious | Python Stealer, Discord Token Stealer, Empyrean
 | main.exe | malicious | Python Stealer, Discord Token Stealer, Empyrean
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\r-c.exe
                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):356352
                                                                                                                                                                                                                                                      Entropy (8bit):6.435598729715493
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6144:hONHXf500Mia+QaOgUM0+Shjb8uDfxLec5fBPptXc5EJPUP:4d50GQpgJvC/zxCc7ptX+EJPUP
                                                                                                                                                                                                                                                      MD5:180BE3F662E15DA43341827D6E54BF69
                                                                                                                                                                                                                                                      SHA1:044DEE513F46936427CC6AEBB7609EA2F11CD15D
                                                                                                                                                                                                                                                      SHA-256:8070F668EDE4F1BC1293FD56C0191F5C7B97835842BCE145DA97AE5FF5526F82
                                                                                                                                                                                                                                                      SHA-512:6BB48AADDD65E6EA7E8EFA584261DF0D5ACE0513777343852D8CF2FAC75315694DD2BE0360B219C55A7A07D9E0485D9F4F059C04F1D69E5858FD23DCF7D2FBCD
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Yara Hits:
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Author: Joe Security
                                                                                                                                                                                                                                                      • Rule: Windows_Trojan_Quasarrat_e52df647, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Author: unknown
                                                                                                                                                                                                                                                      • Rule: Quasar_RAT_1, Description: Detects Quasar RAT, Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Author: Florian Roth
                                                                                                                                                                                                                                                      • Rule: Quasar_RAT_2, Description: Detects Quasar RAT, Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Author: Florian Roth
                                                                                                                                                                                                                                                      • Rule: MAL_QuasarRAT_May19_1, Description: Detects QuasarRAT malware, Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Author: Florian Roth
                                                                                                                                                                                                                                                      • Rule: Vermin_Keylogger_Jan18_1, Description: Detects Vermin Keylogger, Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Author: Florian Roth
                                                                                                                                                                                                                                                      • Rule: xRAT_1, Description: Detects Patchwork malware, Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Author: Florian Roth
                                                                                                                                                                                                                                                      • Rule: CN_disclosed_20180208_KeyLogger_1, Description: Detects malware from disclosed CN malware set, Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Author: Florian Roth
                                                                                                                                                                                                                                                      • Rule: implant_win_quasarrat, Description: Detect QuasarRAT (reted from samples 2023-03), Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Author: Sekoia.io
                                                                                                                                                                                                                                                      • Rule: Quasar, Description: detect Remcos in memory, Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                                                                      • Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Author: ditekSHen
                                                                                                                                                                                                                                                      • Rule: MALWARE_Win_QuasarRAT, Description: QuasarRAT payload, Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Author: ditekSHen
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):9728
                                                                                                                                                                                                                                                      Entropy (8bit):6.791071822964766
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:d519kKsPOR3drvDtDvIqEk7KzmYMJHFKHkyUxaVXFaLuH2:d57kKsWR3RvDtDvIqFmdwQHnUxaVXALX
                                                                                                                                                                                                                                                      MD5:D9F2264898AAAA9EF6152A1414883D0F
                                                                                                                                                                                                                                                      SHA1:E0661549D6BF59FFDA98FCCC00756F44CAF02228
                                                                                                                                                                                                                                                      SHA-256:836CBA3B83B00427430FE6E1C4E45790616BC85C57DBD6E6D5B6930A9745B715
                                                                                                                                                                                                                                                      SHA-512:BA033BAF7C3B93BBF8FCE4F24BC37930D6CE419EE3F517D2BC9702417E821F5FDA5FB9334A08B37FED55B3B9535CD194A3B79DD70653D1F8C4C0DD906EBF1B04
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Joe Sandbox View:
• Filename: NEVER OPEN!.exe, Detection: malicious
• Filename: Bootstrapper V1.19.exe, Detection: malicious
• Filename: VXLauncher.exe, Detection: malicious
• Filename: LisectAVT_2403002A_210.exe, Detection: malicious
• Filename: Restortion.clinic.exe, Detection: malicious
• Filename: 0x000700000001ac52-36.exe, Detection: malicious
• Filename: 8Zi7xnKKw7.exe, Detection: malicious
• Filename: J54GP6x3r4.exe, Detection: malicious
• Filename: Bypass1.exe, Detection: malicious
• Filename: main.exe, Detection: malicious
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):10752
                                                                                                                                                                                                                                                      Entropy (8bit):7.0813376258556
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:HPt6CkaiGEmxFlCFNbJqCBSkyUxaVXFaLon/F+:F6Ch3EmDlwbJqKSnUxaVXAL8k
                                                                                                                                                                                                                                                      MD5:E3AE69E44C4C82D83082BBB8C25AA8DD
                                                                                                                                                                                                                                                      SHA1:116D3B46E8DAA2AEFB2D58BE4B00BD3BFC09833F
                                                                                                                                                                                                                                                      SHA-256:4229235814BBEE62311E3623C07898B03D3B22281CD4E5F1A87B86450B1B740F
                                                                                                                                                                                                                                                      SHA-512:8A49128A79A9F9DE27AFE150402BD8DB224F8BAE6237D6C2D29C1F543E5A929E2FD15060BFD37B49B1C4A3190A70659AA041D36BDE09674A77171DC27415B2D4
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):10752
                                                                                                                                                                                                                                                      Entropy (8bit):7.046269212433107
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:H7T6CkaiXcecnjMe0FXrdMIkCtOkyUxaVXFaL2nPVdX9lk:P6ChEcGeVWOnUxaVXALG/X9
                                                                                                                                                                                                                                                      MD5:ED1BBDC7CC945DA2D1F5A914987EB885
                                                                                                                                                                                                                                                      SHA1:C71F0A316E41C8AE5D21BE2E3A894E482D52774C
                                                                                                                                                                                                                                                      SHA-256:1EECE2F714DC1F520D0608F9F71E692F5B269930603F8AFC330118EA38F16005
                                                                                                                                                                                                                                                      SHA-512:1C26A0A0B223FD864BD01BCA8DE012DC385D116BE933C2479F25113983723DBBC2CEC147947F62C617BB7CCAD242518FECB653F008090BEEC0DEEEB5A1DFEAD4
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 4%
Process:C:\Users\user\AppData\Local\Temp\main.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):10240
Entropy (8bit):6.978550721417444
Encrypted:false
SSDEEP:192:611+odumclYAItbK07UmzqMtJ9CE1r28kyUxaVXFaLf3BD:TH5Yy073zqU99DnUxaVXAL5
MD5:3EFFD59CD95B6706C1F2DD661AA943FC
SHA1:6D3C1B8899E38B31E7BE2670D87050921023C7F1
SHA-256:4C29950A9EDEDBBC24A813F8178723F049A529605EF6D35F16C7955768AACE9E
SHA-512:D6AF4A719694547DAE5E37C833DEF291CE3EAEA3703FAA360C6ADCC6B64BA36442E0D2783D44450E0F582BC6FA07F3496919FD6C70F88DD0FC29688956939412
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\AppData\Local\Temp\main.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):17920
Entropy (8bit):7.483226756510774
Encrypted:false
SSDEEP:384:NT0mEndi296LQpjT621uQ7nUxaVXALwcn:NQhvrpf6wuEvc
MD5:671100B821EB357CEB5A4C5FF86BC31A
SHA1:0604A7686029BECEBBEF102C14031CCF489854E9
SHA-256:803E46354CDAB4AF6FF289E98DE9C56B5B08E3E9AD5F235D5A282005FA9F2D50
SHA-512:2D916A41993EA1A5A0E72F0665A6D8C384C1541EE95A582EF5FBC59BE835720915046C7106ED2F9A1074EC0CDDFA7124E8079B2F837A442599C59479477960AF
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\AppData\Local\Temp\main.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):11264
Entropy (8bit):7.042646572293955
Encrypted:false
SSDEEP:192:CZ1jziP8+lCPPQFUF/ylol0uBpDIkyUxaVXFaLmEnlA:kzulCPqUFCo5BpDInUxaVXALX
MD5:DCD2F68680E2FB83E9FEFA18C7B4B3E0
SHA1:8EC62148F1649477273607CDAA0DCE2331799741
SHA-256:D63F63985356B7D2E0E61E7968720FB72DC6B57D73BED4F337E372918078F946
SHA-512:BF311F048001C199F49B12B3B0893D132A139DD4B16D06ADB26DD9108F686B50C6FEDA2A73A59324473DB6EE9063FF13C72047A97E2FCB561C8F841EE3A8360C
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\AppData\Local\Temp\main.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):12800
Entropy (8bit):7.101710831645112
Encrypted:false
SSDEEP:192:H68U1i2QelKEyhXjReC6SCeiJpHzoh7JfwoskyUxaVXFaLQHC:a8U8Dz1ESlinHzo5KosnUxaVXALV
MD5:3F5FD606893B3DE6116D4A185E713CA3
SHA1:5B0ABEB17AE2B3D59215FFFAE6688921B2A04EDA
SHA-256:0898CDE5FCCFA86E2423CDF627A3745B1F59BB30DFEF0DD9423926D4167F9F82
SHA-512:11580C06601D27755DF9D17DDFA8998E4E8E4FDEC55ECD1289963095BD752A69307B09606B06E5012CC73620D1B6D6CD41563C27A8218653DE7473F6E4BE1B2B
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\AppData\Local\Temp\main.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):15360
Entropy (8bit):7.390629788507205
Encrypted:false
SSDEEP:384:gmM80nfSoKJZi3o0DYjHeja46nUxaVXALsD:gmMTf8Z4oiYj++T
MD5:418CEC0CC45B20EE8165E86CAC35963C
SHA1:51B8EE4C8663BE14E1EE5FA288F676ED180DA738
SHA-256:694BF801227B26DADAF9DDFF373647AB551D7A0B9CFF6DE1B42747F04EFC510E
SHA-512:7986BD0BB851DC87D983EAAEB438C6F6D406FE89526AF79CFCEE0F534177EFA70AA3175D3BC730745C5F344931132C235659E1CC7164C014520477633488A158
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\AppData\Local\Temp\main.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):20480
Entropy (8bit):7.586579116038327
Encrypted:false
SSDEEP:384:4VVgiBGs0qMuLjc5XzQk+JktIzZWFjoyXfHG1L4lcX22CnUxaVXALbUu:4VCicsfFL45KJk44NoyX/CucX8OUu
MD5:243E336DEC71A28E7F61548A2425A2E1
SHA1:66DCA0B999E704E9FB29861D3C5BCD065E2CB2C0
SHA-256:BF53063304119CF151F22809356B5B4E44799131BBAB5319736D0321F3012238
SHA-512:D0081025822FF86E7FC3E4442926988F95F91BFF3627C1952CE6B1AAEF69F8B3E42D5D3A9DD941C1A1526D6558CA6E3DAEF5AFCFB0431EEBC9B9920C7CA89101
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\AppData\Local\Temp\main.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):10240
Entropy (8bit):6.815145028259091
Encrypted:false
SSDEEP:192:HG6CkaitEsE8Vm7wvukyUxaVXFaLy300:m6ChIV9unUxaVXALV
MD5:FE44F698198190DE574DC193A0E1B967
SHA1:5BAD88C7CC50E61487EC47734877B31F201C5668
SHA-256:32FA416A29802EB0017A2C7360BF942EDB132D4671168DE26BD4C3E94D8DE919
SHA-512:C841885DD7696F337635EF759E3F61EE7F4286B622A9FB8B695988D93219089E997B944321CA49CA3BD19D41440EE7C8E1D735BD3558052F67F762BF4D1F5FC3
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):10752
                                                                                                                                                                                                                                                      Entropy (8bit):6.934741919099467
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:CaqmTnQIPnsvQPc6SltPZHloUYU9dOxLKFaEWakyUxaVXFaL2nC2:1DnQxvQPpSlNoUopKjWanUxaVXALj
                                                                                                                                                                                                                                                      MD5:FF64FD41B794E0EF76A9EEAE1835863C
                                                                                                                                                                                                                                                      SHA1:BF14E9D12B8187CA4CC9528D7331F126C3F5CA1E
                                                                                                                                                                                                                                                      SHA-256:5D2D1A5F79B44F36AC87D9C6D886404D9BE35D1667C4B2EB8AAB59FB77BF8BAC
                                                                                                                                                                                                                                                      SHA-512:03673F94525B63644A7DA45C652267077753F29888FB8966DA5B2B560578F961FDC67696B69A49D9577A8033FFCC7B4A6B98C051B4F53380227C392761562734
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):11264
                                                                                                                                                                                                                                                      Entropy (8bit):6.939657038298525
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:Tkje/clVEmNVPjkTnA614twLFhS3YO7C6W1wQykyUxaVXFaL6nvYF:8L1Bjul19GjW1wBnUxaVXALx
                                                                                                                                                                                                                                                      MD5:D67F83D1482D9600AC012868FB49D16E
                                                                                                                                                                                                                                                      SHA1:55C34243CDD930D76155EDF2D723FAA60A3A6865
                                                                                                                                                                                                                                                      SHA-256:AA463CD4D0B4BBD4159650D66C11A699B23775BF92455FB58A2206B932A65FEC
                                                                                                                                                                                                                                                      SHA-512:94E9599723BF697EAEEB0401EF80A75E46208C1984DF63A315A3CDE1A7C97DB070353ACB0712CEC887C04CAD9755A2E4E357A10B2D40F23F0B44EE277D4F4BDB
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):17408
                                                                                                                                                                                                                                                      Entropy (8bit):7.508920120657843
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:/roOiYb00oHet1Y8z+r99tbr4FntSKVjoqDB+7XnUxaVXALP:/rpiDHm16B9RQSKCnrc
                                                                                                                                                                                                                                                      MD5:B0EEF5CEAE8BA5E2A04C17B2B6AE87B5
                                                                                                                                                                                                                                                      SHA1:6EA2736EE6F6955F0DBBD3A3ACC78CDD9121E468
                                                                                                                                                                                                                                                      SHA-256:C9BBA124BE36ADA4549276D984BB3812EE2207C7DBF646EC6DF9A968E83205FB
                                                                                                                                                                                                                                                      SHA-512:CE270FD23C2761D066D513B493C08A939CA29D94566EE39D0118BACB1619B5D860EBCFDCAE01F9A0B556DA95AFA8D34CF4E2234E302DE2408FFFA1972F643DEF
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):17408
                                                                                                                                                                                                                                                      Entropy (8bit):7.495463921230312
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:eroO1wQv0BMJr0DW6EeBrSBnUxaVXAL8:erp1w3eF0DxzrMX
                                                                                                                                                                                                                                                      MD5:D892F9D789C22787D846E405D0240987
                                                                                                                                                                                                                                                      SHA1:F3B728D04904E5FD3465C7665F7FDE2318E623C3
                                                                                                                                                                                                                                                      SHA-256:100CD322EA2F8E3997432D6E292373F3A07F75818C7802D7386E9810BEE619B0
                                                                                                                                                                                                                                                      SHA-512:00FFAC3215FFA3DFAB82A32B569BC632E704B134AF4E3418DFBC91CCE9FA09D7E10B471B24183DFA1AEFA292B345BDDC030547FCCE1162F6AC5E464DFA7CF0E9
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):9216
                                                                                                                                                                                                                                                      Entropy (8bit):6.822560284810641
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:h51aJh9fUQeV9tUhHQBYwkyUxaVXFaLuHB:h5k9s9tSHkYwnUxaVXALk
                                                                                                                                                                                                                                                      MD5:F94726F6B584647142EA6D5818B0349D
                                                                                                                                                                                                                                                      SHA1:4AA9931C0FF214BF520C5E82D8E73CEEB08AF27C
                                                                                                                                                                                                                                                      SHA-256:B98297FD093E8AF7FCA2628C23A9916E767540C3C6FA8894394B5B97FFEC3174
                                                                                                                                                                                                                                                      SHA-512:2B40A9B39F5D09EB8D7DDAD849C8A08AB2E73574EE0D5DB132FE8C8C3772E60298E0545516C9C26EE0B257EBDA59CFE1F56EF6C4357EF5BE9017C4DB4770D238
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):15872
                                                                                                                                                                                                                                                      Entropy (8bit):7.411957303167114
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:emM80n0sH6HhpbHIQ5TsgOnLC9DS4pf12SnUxaVXALbOd:emMT0tzIQ5AgYmS4pf1DJ
                                                                                                                                                                                                                                                      MD5:E5021B9925A53B20946C93B5BF686647
                                                                                                                                                                                                                                                      SHA1:DEEA7DA72EE7D2511E68B9F3D28B20B3A4AD6676
                                                                                                                                                                                                                                                      SHA-256:87922D0EE99AF46080AFD4BAA2F96219FA195731C0745FCB9C7789338ECC778F
                                                                                                                                                                                                                                                      SHA-512:E8A6B382C17138D9B33AE6ED8C1DFE93166E304A987BF326D129AE31948F91429F73EBD204C772C9679B35AFEA0A8E9DF613BCEC7F46C6E1448B226EB2C2A507
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):11776
                                                                                                                                                                                                                                                      Entropy (8bit):7.033792220569869
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:Cm3adl/1JXscT11V9X8IdxqX+74RB6qT/lr5kyUxaVXFaLmHB:C6IXn11V9RrHkz6a5nUxaVXALs
                                                                                                                                                                                                                                                      MD5:A76AEB47A31FD7F652C067AC1EA6D227
                                                                                                                                                                                                                                                      SHA1:FF2D8E14E8A99F5C78C960C2AFD5BE2F9ED627AB
                                                                                                                                                                                                                                                      SHA-256:C816F4A89CE6126DA70CB44062294A6A4AC0F73EC3A73EAD9269425B7B82288A
                                                                                                                                                                                                                                                      SHA-512:C7CEC6A125904FCB42A6933520F88A6A1AA43FED9ECD40E20DDDDA9AC2DAC37E4D1D79951FF947A10AFB7C067C441DDF7DE9AF4E4BD56D73C1284962C085C1E9
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):10240
                                                                                                                                                                                                                                                      Entropy (8bit):6.750046576159352
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:HQE6Ckai65ePzhVTL8Q5xh9XkyUxaVXFaLy3MJ:Z6ChJstpDxh9XnUxaVXALl
                                                                                                                                                                                                                                                      MD5:EEA83B9021675C8CA837DFE78B5A3A58
                                                                                                                                                                                                                                                      SHA1:3660833FF743781E451342BB623FA59229AE614D
                                                                                                                                                                                                                                                      SHA-256:45A4E35231E504B0D50A5FD5968AB6960CB27D197F86689477701D79D8B95B3B
                                                                                                                                                                                                                                                      SHA-512:FCDCCEA603737364DBDBBCD5763FD85AEB0C175E6790128C93360AF43E2587D0FD173BEE4843C681F43FB63D57FCAEF1A58BE683625C905416E0C58AF5BF1D6C
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):11776
                                                                                                                                                                                                                                                      Entropy (8bit):6.977802787830596
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:Hlqi6CkaiGp4OUdGyXOidiPFiV2ekyUxaVXFaL6n2fOG:FP6ChtCOesPDenUxaVXALDG
                                                                                                                                                                                                                                                      MD5:1BF5CD751AED60DD92D0AB3CE6D773FA
                                                                                                                                                                                                                                                      SHA1:897A5F74BBAC0B1BD7CB2DD598AA9B3B7BED326D
                                                                                                                                                                                                                                                      SHA-256:CDA73AF34E4F542646952BBCB71559CCBDF3695AA74ED41D37A4A7D1F932A42D
                                                                                                                                                                                                                                                      SHA-512:81113CFCEF2F434E9AC39B4B9CF08E67F1D84EAAA5A3CFFC5D088410E6E6480057DA1915AA22A8E01BE69418247C29D921D481D0577B810D99AC815D82D9F37E
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):11264
                                                                                                                                                                                                                                                      Entropy (8bit):7.1469700456721625
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:HbH1U5KE2S8oKi7hn8QEcJtFnlZlmJ6pcfUcqEQbxwl22wUF2MXkyUxaVXFaLtnj:iK1S8oh7h8BcJ5ZlmYcfUcqEQb2lzFNW
                                                                                                                                                                                                                                                      MD5:821670341B5465047733CC460856A2F5
                                                                                                                                                                                                                                                      SHA1:E0A1BBC859A1F502BA086DDD8BCED82AB6843399
                                                                                                                                                                                                                                                      SHA-256:84780C05C9AD7B1E554211CD31BBCB02CBE587E4F08BD2D0B9561D104C4D125C
                                                                                                                                                                                                                                                      SHA-512:5F617695EA9A5312DBBD13E379E124A96692CC228B0BC366B93CDCDAF3E23375602D9E81CF5A4286A5CEDEAAE635F11120C2C2390876BF3FD7398C59044BE82F
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):10752
                                                                                                                                                                                                                                                      Entropy (8bit):6.941977635771166
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:CR911+odumclYlXkeQ67WsVa6b0/XovtI2uLHkyUxaVXFaLtniW2B:COH5YmexVrblvl4HnUxaVXALg7B
                                                                                                                                                                                                                                                      MD5:11A097C3DFDCFBB2ACB2EE0C92A9CB10
                                                                                                                                                                                                                                                      SHA1:D15EF7DF71C8549B9B956DAC89E2542D1452ED08
                                                                                                                                                                                                                                                      SHA-256:DAE038EB9D1CCDE31F9889818DB281AE70588FF5AB94A2AB7F33F8A1708F7325
                                                                                                                                                                                                                                                      SHA-512:29149388B53FD85F7E77A0AE0ACFD172D73CC1443195A98B7392C494998998017EF11E16FAABBA479996FA2424D4C3CED2251FB5D8852A76FB2341F08AD08C01
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):10752
                                                                                                                                                                                                                                                      Entropy (8bit):7.05097021372971
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:CgwgkM1OqY2hQbIGcKqV31LGT63hjvYx4kyUxaVXFaLonXlFw:Cxw/hwI2q11LnO4nUxaVXALkXw
                                                                                                                                                                                                                                                      MD5:D32A2064E2DA99B370F277026BB54747
                                                                                                                                                                                                                                                      SHA1:1F12598490871A86B6E2B46527DD3F10B30B183D
                                                                                                                                                                                                                                                      SHA-256:959EA4BB2F433F79CBC4AFD7E77CD256E3E67416E9E6AA0E3646BCAF686E40CD
                                                                                                                                                                                                                                                      SHA-512:0A2ECE5075FF9212863D80AEFFAB356B314EED3CC806C599C7665F62C30CD726CE8EC00922DFDC2E8F5AE3E2A9D9B9F7B4BD1677A02623034332DFD0413D3E02
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                                                                                                      Entropy (8bit):7.136950075672147
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:C1sG1qextX4NJ9Lx8ZTZUaiQgp0AdXeST53lHA3WUkyUxaVXFaLHnU8:C2kX4NJOTmQg1dXeS1NAGUnUxaVXAL0
                                                                                                                                                                                                                                                      MD5:EE11CB538BDAB49AA3499C394060F5CE
                                                                                                                                                                                                                                                      SHA1:43B018D561A3201D3AA96951B8A1380D4AEB92B1
                                                                                                                                                                                                                                                      SHA-256:23DDA5CE329198FE9471C7DCA31AF69144AB7A350D3E6F11D60E294C7996B1CA
                                                                                                                                                                                                                                                      SHA-512:AFBDB4692AC186F62AE3B53803F8A7357E32EB40732D095A7086566B94592C3E056B48C6CA6C62742B8DE14C7F309496F83B664C42D55E679AFA60B4F1468832
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):11264
                                                                                                                                                                                                                                                      Entropy (8bit):6.909373515854209
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:Hsi6CkaTs6Ac86kwsvQrehMrP+bekyUxaVXFaL2nPV7:p6ChT1AjzQa6P+benUxaVXALGp
                                                                                                                                                                                                                                                      MD5:19CA6E706818CF08F91EBB82BF9911E9
                                                                                                                                                                                                                                                      SHA1:AB53841686BD55FC58A7262A79568A714A6D870B
                                                                                                                                                                                                                                                      SHA-256:11933E4F74368B334C1D2118D4E975533185517264CA45F3382274DD27540DEB
                                                                                                                                                                                                                                                      SHA-512:658908AA5487DC398B58E9EA704E83A63146C7D87126FA275296263C981AF48D08AB3D20D541401EB0A22489AD23991E32E6238BCAF46DAFFFA971EC769FFE96
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):13312
                                                                                                                                                                                                                                                      Entropy (8bit):7.240942496482241
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:CDyIXn11ON21FUOyquRmMS17VCgHgmynUxaVXALana4:CDyQ11a21FYjRmMAVULZ
                                                                                                                                                                                                                                                      MD5:D28807CB842B8A9F7611175CBBBC8867
                                                                                                                                                                                                                                                      SHA1:FFB37BCC48B93D47EC6BA442E1BC7AA90A98246A
                                                                                                                                                                                                                                                      SHA-256:C6870DB1D8518D0E594C7E7A0271636BCFCCAF58BE584A20E2A7EFCE1E3D4BB7
                                                                                                                                                                                                                                                      SHA-512:0C9B1E751BDC8B995BF3BB8B90E884009F80D39E48AE679EB1551AD74D9A4987B80858EC180DCF81F25247571EB07B051E564F64594A4374E7BF5B07F68B90E8
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):14848
                                                                                                                                                                                                                                                      Entropy (8bit):7.292530574848384
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:C6PTNMvsMA5oqMs6C5JWBCZy6nUxaVXALe:C6pMvsbtqwvN
                                                                                                                                                                                                                                                      MD5:3ADAFA903E2D2681181606C962A83E62
                                                                                                                                                                                                                                                      SHA1:D9963B1A62DE6A0CD4E319BC24E1F6D86E5FB74C
                                                                                                                                                                                                                                                      SHA-256:407318F348E50F68E9C0517467BD9FB9AB40823302A84CB56B4E015A76821D17
                                                                                                                                                                                                                                                      SHA-512:F1B90E760878D8D3E8801C42CDA4F3651E95B0F12DF49458637D7BC4B87780B4E914345E5854EAC2EB34668E0A088F526BC6360B0DD0597A8B3CD38A1708D837
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):14848
                                                                                                                                                                                                                                                      Entropy (8bit):7.305090410676597
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:C/PTNMvsMA5oqPFQrVLOhFsCpem+EnUxaVXALe:C/pMvspFQRihFsCppN
                                                                                                                                                                                                                                                      MD5:FDA96B4CA2499DE84F3F982B536911DF
                                                                                                                                                                                                                                                      SHA1:898E6DA58A9F99C2E97B7B968C7BB905CD1B8E3F
                                                                                                                                                                                                                                                      SHA-256:DDAF1B7C30CC0BAC0A30845C8279D9DE3E3165149FBA5BCBF5FE9C06849E97CB
                                                                                                                                                                                                                                                      SHA-512:91DE91D99D9E1AB1DECE569031B4C94EB31438235CC54FD5D9DB1C6C6588E99B5A12C8731ED02D89ADB635AE32A6217336D4EA212A28F318B8D2FA5D157674F1
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):15360
                                                                                                                                                                                                                                                      Entropy (8bit):7.387902805722102
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:CZKaj0o+l4vgQDD7pvJhEkgEo9nUxaVXALQ6:C8MDWoFDnpvWbX
                                                                                                                                                                                                                                                      MD5:961ED0A2E355E9D15D98918438E75F2C
                                                                                                                                                                                                                                                      SHA1:044210C4B576E85333ACC7911D6B65AAA7D2AE6D
                                                                                                                                                                                                                                                      SHA-256:F3526F51E53E2DC1251893DD345AD59F519F9C3C69860AE8320E029241676D59
                                                                                                                                                                                                                                                      SHA-512:DD7E9352E0C132C9FCE841D0C9A40D27C99E99661F5452760E67A09CACC701081FCAE46BD90E1D81EBD7F1C641C271767BE5D1D76A72E8FD0728AA069B330606
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):15360
                                                                                                                                                                                                                                                      Entropy (8bit):7.456796403229419
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:CWKaj0t9/BuZh2MulpDvqyGxTvnUxaVXALF:CTMw9/BMhruKyGxDO
                                                                                                                                                                                                                                                      MD5:17BDD9F18FC0BA23BCF7A2F0DBE6C34D
                                                                                                                                                                                                                                                      SHA1:09D42AE8EC33CA02B9889132A4957D0FE4274BB5
                                                                                                                                                                                                                                                      SHA-256:820C8E6E5C7480A709B3665848884BA9D852163C79560A651131DE89ACE0261A
                                                                                                                                                                                                                                                      SHA-512:91DBCD8654F7404A8CD9A40912B995F45FE5A405AF78737B6DFB113DB6DAE12D9D36BF773CC702E2696BF79AB21F2EC505FFA87F74575DFD45C449A03C40A7F2
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):10752
                                                                                                                                                                                                                                                      Entropy (8bit):6.789317389612839
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:p1U5KEc/Y4ELhbko1JQdwXBSkyUxaVXFaLZnxzm:EKX/shnQduSnUxaVXALr
                                                                                                                                                                                                                                                      MD5:461EFFE91D16420811D0ADB865654DE7
                                                                                                                                                                                                                                                      SHA1:863AD8549892CB921DFFC35559FC7385598BF0A9
                                                                                                                                                                                                                                                      SHA-256:0F322BFB8F6C26DF329D6254B2FE8A25C1AB4AB51F9404F6EAE943E0A253F469
                                                                                                                                                                                                                                                      SHA-512:CC05A3D9A6F48AFD8E70BFABC870156E50D2CE6509E4E46C0F5567EAF1C2CC1AB52B8CA1990861E46AF569DE9717219BB205860D48177241D44BF573C0F50CDF
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):10752
                                                                                                                                                                                                                                                      Entropy (8bit):6.817402405280982
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:Hje1U5KEc/Y4EL94AxD9JFkyUxaVXFaLfnpT:RKX/s9D9JFnUxaVXALh
                                                                                                                                                                                                                                                      MD5:3057B01EC05D6ABD5CEE82EC2E4CFB06
                                                                                                                                                                                                                                                      SHA1:A82D7D2183AD2C4D5B68B805DEA6487B9FDD3E43
                                                                                                                                                                                                                                                      SHA-256:2DB1135EC696600AB7D53634BACAD4BBCB8DC25B09E6BD2C2633E8DF75736082
                                                                                                                                                                                                                                                      SHA-512:1548894E039DFB33C17EB9CDB05C6C31F8D993C285898522E0776A063D2240F9F48F8717F9598A4957B5673B3256652E7FD2260D1E9DB34FA86D144925C06A52
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                                                                                                      Entropy (8bit):7.060617294398413
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:CVj1ole1gwA1QapW0MEGqvjtv7ovK+u8NsS1mZKQ6kkyUxaVXFaLHncx:CSe1rwtph4q7JoSb8N5cKHknUxaVXAL8
                                                                                                                                                                                                                                                      MD5:EB197359306DAA1DF7E19DC1E85D046F
                                                                                                                                                                                                                                                      SHA1:B0D013525C512F887BEB025F855E439D654877E3
                                                                                                                                                                                                                                                      SHA-256:8BB9B9E91287E12F867A53E0D6C8067FB9344FFB46CE6D874E44A6E89C8FE14D
                                                                                                                                                                                                                                                      SHA-512:EBD339879E0DA163008DF5195316C086035BB980878A61E031E34FDC74253BF7AD495EC97FE1057BD5FA3D322C6C707ADF405709DD44834238F705435E02CC1B
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):11776
                                                                                                                                                                                                                                                      Entropy (8bit):7.021267811320247
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:CV011I5c1918YWN+ZnOsrjHDSyPrmnbNnYyDgIkyUxaVXFaLKnBC:CwYcfWYWJsrTDSKrmbYInUxaVXALY
                                                                                                                                                                                                                                                      MD5:B18D6148260D3F01B4CFB38EE35F76BB
                                                                                                                                                                                                                                                      SHA1:87064360D9A06D9B8507AA6CB3C9C49FACB2D159
                                                                                                                                                                                                                                                      SHA-256:E82A778AB0A50807F9E895761E4BCDE2AB1F194B0BEA29BB1242F782388C3322
                                                                                                                                                                                                                                                      SHA-512:6C2DB42605B6B8125860EB666149C186BB02ACD2CD769FE0D494E7566D30824663DC9C4A19A654FD6CB0DC62E9EC13B105FB6C67B288E8B8BEC65EC5DDF2CD9A
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                                                      Entropy (8bit):7.522268054098919
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:jVIehK2iflZpwNAFvzReHErimGpOqQ8lxiFviBaDOA5/cnUxaVXALaY:jVruHdRecEJlw58A5EBY
                                                                                                                                                                                                                                                      MD5:22720D896AFDBCDCBD949F5D5492C82B
                                                                                                                                                                                                                                                      SHA1:86A9A1DC7F6B0BFB37977824DF983943BE3141CE
                                                                                                                                                                                                                                                      SHA-256:6F355BF63DD20593F44DB12EAB941096EFD70F62D778BDEA546B48F0D055E881
                                                                                                                                                                                                                                                      SHA-512:8F1840A9DAAC58AC18A13D2B810BA410FAEE133D12DF49BE76699073E96B766AA21C2116BEE9D45555E12CE0E2E516BCD3A561DF3528E9FA57980F1EA72C68EC
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):10240
                                                                                                                                                                                                                                                      Entropy (8bit):6.826599062620208
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:z1Qxmkp6kBsHaEDzSbbc6PpnXJoBQ5hkyUxaVXFaLr3sUK:mbsHaEabcSJ5hnUxaVXALo
                                                                                                                                                                                                                                                      MD5:FF7E401961C18D07C055B796A70E7D9F
                                                                                                                                                                                                                                                      SHA1:71FEA35BE66E71445B22B957C9DE52CB72C42DAA
                                                                                                                                                                                                                                                      SHA-256:0B23AC14EB398813E04F9116B66F77E93DEB2F9473C6534AAEEE0742128E219F
                                                                                                                                                                                                                                                      SHA-512:3885E7579CA4953167CA8F171A239355E3A0B128620CD4919FD8336DDB7877BBAEA07B0EC987D3A3F00BE495778CA003EC2D694373CFA6450644A82F090CFE5D
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):638976
                                                                                                                                                                                                                                                      Entropy (8bit):7.998469740064385
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:12288:3utRJVHFtuPQ5Yi66r+uWMkf51I6NqAvPBTd74LlSSgdd:+tRfltQiFrhWMkf53tvUhk
                                                                                                                                                                                                                                                      MD5:9977AF4D41DBD25919E57275A3B6A60C
                                                                                                                                                                                                                                                      SHA1:81BF50D93CB871B40F8E1C95A06BA7E1E5C77141
                                                                                                                                                                                                                                                      SHA-256:7A467F18E2DFB9276F5CC6709102B70D004D8EEB55E3E53270419D3F3960EDFE
                                                                                                                                                                                                                                                      SHA-512:C8021B01E0C7CFE3DA8006D1529DFEFE851B6ED9ECA104FACB17B3BDA2A6B6062143FA9A9B3462E4A0BE58E6579FC34B6520B9E267E1C9B27B9950AA0807C7C8
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):15872
                                                                                                                                                                                                                                                      Entropy (8bit):7.446672321911902
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:N/6Y6GuC70NwWjL95yqC0AG1kOnUxaVXALR:J6UB7ewWOk1J6
                                                                                                                                                                                                                                                      MD5:03AB1F87202DBBB7A0B911283F9628F6
                                                                                                                                                                                                                                                      SHA1:968DCB59BFFFECD767160356449B2E6397CEB819
                                                                                                                                                                                                                                                      SHA-256:7C6131D04BA4EBB0C4A5434ADD080A33A30E6DB7542A54BFE6EBE4CA3F13FAFF
                                                                                                                                                                                                                                                      SHA-512:0170A3AE72141DABC95ACF21D3F9602F0BB0A47E1AA834E0FC01F7E75E727ACF9A6BEB66484327639EFEE12E0106A030E56121E604DEDA0DF3C44B3EA1C58706
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):27136
                                                                                                                                                                                                                                                      Entropy (8bit):7.716235505829019
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:N+U1/EIha4hI63riOlt0IVQNv3sdIHaOyyFOHBjXuwtd1INmDwvrFDh1nUxaVXAV:N+U1/jhVhd3riwKMTFJluwRE9fp0
                                                                                                                                                                                                                                                      MD5:999485C3306CE844545D6FF32B1778F7
                                                                                                                                                                                                                                                      SHA1:F6E146C47AA1992D91A46BDF1727BD752C9608A5
                                                                                                                                                                                                                                                      SHA-256:933F66840E793D4897594E934B78D5513C5A4C6B28A930F2B3E89E5A0AA203AD
                                                                                                                                                                                                                                                      SHA-512:315ED2B1CDDB0A5476DB91B6ABE041D772437E5C72E7F9D9A67B747E61E5DA2E5F4C035FE67487BB31E55B560F9846A908D927FBEF9CC791D36E578247B1CA6A
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):9216
                                                                                                                                                                                                                                                      Entropy (8bit):6.731328673523401
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:O51aJh9fUQmKaF3wB0S57R2kyUxaVXFaLuHhE:O5k9C3a02R2nUxaVXALkE
                                                                                                                                                                                                                                                      MD5:959E90A606763B4193A624D012974BB2
                                                                                                                                                                                                                                                      SHA1:FC80DE8F6CFFFA0BA034948BCFFF8D8CDEBA29E5
                                                                                                                                                                                                                                                      SHA-256:6D63F30609F05450906E8EBD8C90E47827BBBF9EA92906E984223FD51E4908A7
                                                                                                                                                                                                                                                      SHA-512:78161B7FC028B90AC40477D1181A00294D4D96378BB88980B8D1A8B7C65814F50BACFDF389540EF3D8BAA3822282FC97981811C5685BD8123E59A614593B0EFB
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):9216
                                                                                                                                                                                                                                                      Entropy (8bit):6.773387048001548
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:C51aJh9fUQeQT3VmqRDFkyUxaVXFaLuHxJ5:C5k9xrVmqBFnUxaVXAL0J5
                                                                                                                                                                                                                                                      MD5:6499087EBA82E487F21D40A769C686B6
                                                                                                                                                                                                                                                      SHA1:4C5E8759FB35C47221BDA61B6226499D75CBE7E4
                                                                                                                                                                                                                                                      SHA-256:2F4B5EB8397D620FA37F794BCA32A95077F764B05DB51DBA9AD34C2E2946FF60
                                                                                                                                                                                                                                                      SHA-512:CE183276F0FDCCAF8BE5C34F789F2C47BAB68DFB168E0C181DD0FCF8B4A8C99527CD83C59891DCD98BBEB160DBCE884C4ECEA5EE684DEEDFF845C6B3F8205518
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):9216
                                                                                                                                                                                                                                                      Entropy (8bit):6.768064843872946
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:kbaMhzoscluM6bSM3cVhqj0rrp2C0DCLkyUx7P2EbfOlDhS+dY64At7S1TBIa+tm:zPWbS6Uhrl2hCLkyUxaVXFaLXHB
                                                                                                                                                                                                                                                      MD5:9C34D1EC0B1C10FE8F53B9CAA572856A
                                                                                                                                                                                                                                                      SHA1:141CDB91EC3C8135A4AC1FE879D82A9E078AB3CB
                                                                                                                                                                                                                                                      SHA-256:4AB62B514BAE327476ADD45F5804895578E9F1658D8CF40AC5E7C4FB227469FA
                                                                                                                                                                                                                                                      SHA-512:6447889FFE049579F3E09D5828393F7DC5268B2061895ED424F3C83B8C1929D6FECC6F8C9823C483F451C31458736D27D83EB3979A5C91703DAD913957717D09
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):750080
                                                                                                                                                                                                                                                      Entropy (8bit):7.998268583758689
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:12288:TcOlugK0Q4OCDzXvegFEiBqhzD/Yup9B2pMUHcNrIEvpyobII6QnKDzsrM/w+tR6:TcrCDD9bBqhzLhpvO3cNrDBnwQKDAMPp
                                                                                                                                                                                                                                                      MD5:24B9ED7A68752B1FBFF8D6E4DEB3CCF2
                                                                                                                                                                                                                                                      SHA1:B5F02F742F3E7DECA22B01AF2CDFE5049D187A86
                                                                                                                                                                                                                                                      SHA-256:EA70560B18994EEC4C1E1856EDA5FD2108CC22F602F3721C1BEEDD1679996B12
                                                                                                                                                                                                                                                      SHA-512:DB1373943986ED0B44DCA7FFAC7C96F955A648BE88B837805400CA774B5B70341D5A5F8AF2A6C59222B6BE2002737A40E74B1458344AA88417458699F928D978
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):96768
                                                                                                                                                                                                                                                      Entropy (8bit):7.954287656970143
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:8vaKG5Of6QM511dQ5FBvrlxRcqu0UrXQSYiEd+SU6+fRoPJH4NbrJ/Q/3aM6Q9/V:8SKy5dQ5XhxRDUrgbhdPF+fmBYN6OJf
                                                                                                                                                                                                                                                      MD5:6733DB0C6AF1962358A2B0E819A23448
                                                                                                                                                                                                                                                      SHA1:A7A095C71A3809DD1558CF5BEA17F7C16CBC5625
                                                                                                                                                                                                                                                      SHA-256:3BCF5AD133FDD648C22B67D2819C923771D4586514D5E9D0051E088BA10BCBFC
                                                                                                                                                                                                                                                      SHA-512:7FCC307ADD30ECDFEF1F2D7446CC6F202785195673A2ACE8F9C5250A2A64319FE7D7B9218847E9F93A1545CD65887D5D4A0B32EBB08EC012CD7D5AAA9306E099
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):692224
                                                                                                                                                                                                                                                      Entropy (8bit):7.998379316295987
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:12288:zj7kGcwm1BQ16D7fWH6uIcFVt19qDpBHlv+h9DBW7:zjIGcwmQKWH6SFTrqDpBx+LDa
                                                                                                                                                                                                                                                      MD5:F63DA7EEDFC08FE144D3BF4E9556BF2D
                                                                                                                                                                                                                                                      SHA1:727C28A211A6EB168FC4F1114D437530D0472C82
                                                                                                                                                                                                                                                      SHA-256:78BAFB6ED313F0F5CC0115558FED81C46BA5055AADB5117B85373722C8DCCA16
                                                                                                                                                                                                                                                      SHA-512:6A2A590CE32EA5581FAEB6B55DAE0D6156831267EC2B347E4B5C9602EE74A1EF58F182D56B25DCCF4E2C655ABFC2CD9240EC530536A1DBD0086B34EB37B793E3
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                                                                                                      Entropy (8bit):6.8574100581789965
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:DCK+UCIU7Aj+u54CJTiSVCWbFHj79+gCkyUxaVXFaL2HpAKdrye:D5CRt0iSVCWbZj78gCnUxaVXAL0AKdry
                                                                                                                                                                                                                                                      MD5:94C237E6ACDBF6EE7F060D109C47B58B
                                                                                                                                                                                                                                                      SHA1:ED5305A5CA7C5CA1E2246444A20C9EDC82F495C9
                                                                                                                                                                                                                                                      SHA-256:78ACC538AB16006B8B1162704924979FC4F3EA32C96C3D7F419E45B5805251CF
                                                                                                                                                                                                                                                      SHA-512:4632BFC70ACFED1F7915A1E4DF68DC48DA432A8D644D59849332AFDC82CFAAD4FC705E11B8B2BFBF56AA36C0878658BCD928BCB0A5B75A1EB1C928ED350127A6
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):216064
                                                                                                                                                                                                                                                      Entropy (8bit):7.98646204031228
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6144:nA5Pjci7Q5avbYeaWBn5wWD1YKrfyjCKXBVjtmbX:ePjcPgZPhnrfyOKXA
                                                                                                                                                                                                                                                      MD5:96BF2F1EC99EDE91E4C85C1C55E88825
                                                                                                                                                                                                                                                      SHA1:15CA18D5C4620E9BF1BDF46902FE238410A29B6D
                                                                                                                                                                                                                                                      SHA-256:84498379B48C4FA2955688910F3409944BF4FC819C0F7C7FE07A5D1ED7D25EFA
                                                                                                                                                                                                                                                      SHA-512:1A7229CA7AEB1F1B8A525BBCB9952D741AD43BBC597ADA0A423586F2A65C3C6045716313EBB073CAC03D2E8802ACE2A49C9350E95953E288B8D1AC5F4F07F8E5
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):109392
                                                                                                                                                                                                                                                      Entropy (8bit):6.643764685776923
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:DcghbEGyzXJZDWnEzWG9q4lVOiVgXjO5/Auecbq8qZU34zW/K0zD:DV3iC0h9q4v6XjKAuecbq8qGISb/
                                                                                                                                                                                                                                                      MD5:870FEA4E961E2FBD00110D3783E529BE
                                                                                                                                                                                                                                                      SHA1:A948E65C6F73D7DA4FFDE4E8533C098A00CC7311
                                                                                                                                                                                                                                                      SHA-256:76FDB83FDE238226B5BEBAF3392EE562E2CB7CA8D3EF75983BF5F9D6C7119644
                                                                                                                                                                                                                                                      SHA-512:0B636A3CDEFA343EB4CB228B391BB657B5B4C20DF62889CD1BE44C7BEE94FFAD6EC82DC4DB79949EDEF576BFF57867E0D084E0A597BF7BF5C8E4ED1268477E88
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):49488
                                                                                                                                                                                                                                                      Entropy (8bit):6.652691609629867
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:8EgYXUcHJcUJSDW/tfxL1qBS3hO6nb/TEHEXi9zufUKQXi9zug:8vGS8fZ1eUpreA+zuTc+zug
                                                                                                                                                                                                                                                      MD5:BBA9680BC310D8D25E97B12463196C92
                                                                                                                                                                                                                                                      SHA1:9A480C0CF9D377A4CAEDD4EA60E90FA79001F03A
                                                                                                                                                                                                                                                      SHA-256:E0B66601CC28ECB171C3D4B7AC690C667F47DA6B6183BFF80604C84C00D265AB
                                                                                                                                                                                                                                                      SHA-512:1575C786AC3324B17057255488DA5F0BC13AD943AC9383656BAF98DB64D4EC6E453230DE4CD26B535CE7E8B7D41A9F2D3F569A0EFF5A84AEB1C2F9D6E3429739
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):35712
                                                                                                                                                                                                                                                      Entropy (8bit):7.649102416316352
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:+2sbZA5n1we/lPgOb1koYpu53VnJ2gl+NfOlQI75n2VYiSyvPRPxWED:+2RhZtXxkoYiTTENKQI75n2V7SynRPx
                                                                                                                                                                                                                                                      MD5:CD9D22812520B671EED3964DA7E5CDB9
                                                                                                                                                                                                                                                      SHA1:ADE6CC31B7610CFAE8EE8D2BA61C2C3D123AC5C1
                                                                                                                                                                                                                                                      SHA-256:00275ADF6FFE251CA6C46864D44B6F2F29341B76CE5C9E26EB11721CB8B134AB
                                                                                                                                                                                                                                                      SHA-512:A07E008D39B1044D89151A871FFFB18EA82814BF12574D6D959EF28CD590F2A09242D739FD9ABC4F6A4E32D1EB8CBD813BCEDCCA524551EAC1E1D92E2E245491
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):48504
                                                                                                                                                                                                                                                      Entropy (8bit):7.773461990395197
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:7iQxyc/3D2HGItfsKbsonbgiHUoYVcW5I7tVbenYiSyv5PxWEDX:75xdEsKbtnbgqUoYt5I7tVb07SyxPx9
                                                                                                                                                                                                                                                      MD5:758FFF1D194A7AC7A1E3D98BCF143A44
                                                                                                                                                                                                                                                      SHA1:DE1C61A8E1FB90666340F8B0A34E4D8BFC56DA07
                                                                                                                                                                                                                                                      SHA-256:F5E913A9F2ADF7D599EA9BB105E144BA11699BBCB1514E73EDCF7E062354E708
                                                                                                                                                                                                                                                      SHA-512:468D7C52F14812D5BDE1E505C95CB630E22D71282BDA05BF66324F31560BFA06095CF60FC0D34877F8B361CCD65A1B61D0FD1F91D52FACB0BAF8E74F3FED31CC
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):58232
                                                                                                                                                                                                                                                      Entropy (8bit):7.821424155463504
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:JUP3/jolpinLX2rRaWMzhB8yLI7QP7U7SykPxiM:u3/jolwXuRaW6SOI7QP7U2xB
                                                                                                                                                                                                                                                      MD5:6CA9A99C75A0B7B6A22681AA8E5AD77B
                                                                                                                                                                                                                                                      SHA1:DD1118B7D77BE6BB33B81DA65F6B5DC153A4B1E8
                                                                                                                                                                                                                                                      SHA-256:D39390552C55D8FD4940864905CD4437BC3F8EFE7FF3CA220543B2C0EFAB04F8
                                                                                                                                                                                                                                                      SHA-512:B0B5F2979747D2F6796D415DD300848F32B4E79EDE59827AC447AF0F4EA8709B60D6935D09E579299B3BC54B6C0F10972F17F6C0D1759C5388AD5B14689A23FE
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):106368
                                                                                                                                                                                                                                                      Entropy (8bit):7.935447983813077
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3072:ggCMV2Mz94bMgxECS8kePpTn8XI75qNp8mx:g1MV2Mz94og2tJePpwFp
                                                                                                                                                                                                                                                      MD5:EB45EA265A48348CE0AC4124CB72DF22
                                                                                                                                                                                                                                                      SHA1:ECDC1D76A205F482D1ED9C25445FA6D8F73A1422
                                                                                                                                                                                                                                                      SHA-256:3881F00DBC4AADF9E87B44C316D93425A8F6BA73D72790987226238DEFBC7279
                                                                                                                                                                                                                                                      SHA-512:F7367BF2A2D221A7508D767AD754B61B2B02CDD7AE36AE25B306F3443D4800D50404AC7E503F589450ED023FF79A2FB1DE89A30A49AA1DD32746C3E041494013
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):34688
                                                                                                                                                                                                                                                      Entropy (8bit):7.615342100631813
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:aU3dM1TMhvg8KNML5TOuzSsI/RYdI75ImtYiSyvfPxWEabVV/:aedM1TMho8iMLPmv/KdI75Imt7SyXPxA
                                                                                                                                                                                                                                                      MD5:0D723BC34592D5BB2B32CF259858D80E
                                                                                                                                                                                                                                                      SHA1:EACFABD037BA5890885656F2485C2D7226A19D17
                                                                                                                                                                                                                                                      SHA-256:F2B927AAA856D23F628B01380D5A19BFE9233DB39C9078C0E0585D376948C13F
                                                                                                                                                                                                                                                      SHA-512:3E79455554D527D380ADCA39AC10DBF3914CA4980D8EE009B7DAF30AEB4E9359D9D890403DA9CC2B69327C695C57374C390FA780A8FD6148BBEA3136138EAD33
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):86392
                                                                                                                                                                                                                                                      Entropy (8bit):7.918616838915833
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:I1KvmqFMCNL6eKmtYs76LBlBqLBxcZiV6IHxdc/k4Ncs7I7e1gT7SyJPxs:aqdLCOz76LBl4VxYcdc/19I7e1gTvxs
                                                                                                                                                                                                                                                      MD5:ABCEECEAEFF3798B5B0DE412AF610F58
                                                                                                                                                                                                                                                      SHA1:C3C94C120B5BED8BCCF8104D933E96AC6E42CA90
                                                                                                                                                                                                                                                      SHA-256:216AA4BB6F62DD250FD6D2DCDE14709AA82E320B946A21EDEEC7344ED6C2C62E
                                                                                                                                                                                                                                                      SHA-512:3E1A2EB86605AA851A0C5153F7BE399F6259ECAAD86DBCBF12EEAE5F985DC2EA2AB25683285E02B787A5B75F7DF70B4182AE8F1567946F99AD2EC7B27D4C7955
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):25984
                                                                                                                                                                                                                                                      Entropy (8bit):7.493810835339704
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:Gmy6HNbpr+8C6LSf93tePBI7Rt2lYiSyvPPxWEa5Z:d9+8FKR0PBI7Rt2l7SynPxeZ
                                                                                                                                                                                                                                                      MD5:0D48797F8115161D1F4F607862C894F8
                                                                                                                                                                                                                                                      SHA1:377E116CE713CEF85764A722D83A6E43BDAB30A7
                                                                                                                                                                                                                                                      SHA-256:5D5C7C93157A6C483D03FEA46AAD60D91A53D87707D744FA7810134A0E6D2CD9
                                                                                                                                                                                                                                                      SHA-512:A61119FDD99A2900AF4CC738BA4BB9ACD7171906F15DDDBCF27CD2D4830EA155BBB590C2B4E9459EA70A17285CCF5649EFACDA81F05B9EF15CE4E4BFA77CD73A
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):31616
                                                                                                                                                                                                                                                      Entropy (8bit):7.5665023159396565
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:5k8GDYwKGtevarixdxu3dI7st2bYiSyvxPxWEa:2ETi93dI7st2b7SypPx
                                                                                                                                                                                                                                                      MD5:D22D51B9F7E5273373A380B832905832
                                                                                                                                                                                                                                                      SHA1:5B96CBD365101AFF5F9FEA55065A015ECFCD9725
                                                                                                                                                                                                                                                      SHA-256:A56E339E622E613E0664705988A2166168873CFC9507385BB6F7AC17E0546701
                                                                                                                                                                                                                                                      SHA-512:93B3C5031A67F2EC68BF6F12A795CE7DCA87D04D470E7097B47E8C1C2FB246C4D8D56FF4C6EC61D271815EB79FEFAE311A05D135B0B69CEC012D319DBBB4C40B
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):24960
                                                                                                                                                                                                                                                      Entropy (8bit):7.453287262532455
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:rQpaT/6xXedjhX9CYLxhfcggnUxaVXALAZI77U2NuIYiSy1pCQAqfUvPxh8E9VFX:DSxw19p9uzZI77U2xYiSyvlfUvPxWEl
                                                                                                                                                                                                                                                      MD5:0D267BB65918B55839A9400B0FB11AA2
                                                                                                                                                                                                                                                      SHA1:54E66A14BEA8AE551AB6F8F48D81560B2ADD1AFC
                                                                                                                                                                                                                                                      SHA-256:13EE41980B7D0FB9CE07F8E41EE6A309E69A30BBF5B801942F41CBC357D59E9C
                                                                                                                                                                                                                                                      SHA-512:C2375F46A98E44F54E2DD0A5CC5F016098500090BB78DE520DC5E05AEF8E6F11405D8F6964850A03060CAED3628D0A6303091CBA1F28A0AA9B3B814217D71E56
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):42880
                                                                                                                                                                                                                                                      Entropy (8bit):7.6996745691481285
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:GL7Syo5lzOt+ufVwPVXahccu0D+gFiPnmJsSK0I7QwbmAYiSyvb9ZPxWEl:mkbzcKNGu0yXwbK0I7QwbmA7Syj/Px
                                                                                                                                                                                                                                                      MD5:AFD296823375E106C4B1AC8B39927F8B
                                                                                                                                                                                                                                                      SHA1:B05D811E5A5921D5B5CC90B9E4763FD63783587B
                                                                                                                                                                                                                                                      SHA-256:E423A7C2CE5825DFDD41CFC99C049FF92ABFB2AA394C85D0A9A11DE7F8673007
                                                                                                                                                                                                                                                      SHA-512:95E98A24BE9E603B2870B787349E2AA7734014AC088C691063E4078E11A04898C9C547D6998224B1B171FC4802039C3078A28C7E81D59F6497F2F9230D8C9369
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):50048
                                                                                                                                                                                                                                                      Entropy (8bit):7.763546199450955
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:u8Mdv1OCWk0z+q3QCjbouAfI75QrA7SyDPx:hQO00zrrvbgI75QrANx
                                                                                                                                                                                                                                                      MD5:7B45AFC909647C373749EF946C67D7CF
                                                                                                                                                                                                                                                      SHA1:81F813C1D8C4B6497C01615DCB6AA40B92A7BD20
                                                                                                                                                                                                                                                      SHA-256:A5F39BFD2B43799922E303A3490164C882F6E630777A3A0998E89235DC513B5E
                                                                                                                                                                                                                                                      SHA-512:FE67E58F30A2C95D7D42A102ED818F4D57BAA524C5C2D781C933DE201028C75084C3E836FF4237E066F3C7DD6A5492933C3DA3FEE76EB2C50A6915996EF6D7FB
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):62328
                                                                                                                                                                                                                                                      Entropy (8bit):7.850362561913567
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:CedJItp3BP6kGsJMthwMtbyG68sj8I7t7QOC7SycPxu:P8tVBPpGsUt+usYI7t7QT+xu
                                                                                                                                                                                                                                                      MD5:1E643C629F993A63045B0FF70D6CF7C6
                                                                                                                                                                                                                                                      SHA1:9AF2D22226E57DC16C199CAD002E3BEB6A0A0058
                                                                                                                                                                                                                                                      SHA-256:4A50B4B77BF9E5D6F62C7850589B80B4CAA775C81856B0D84CB1A73D397EB38A
                                                                                                                                                                                                                                                      SHA-512:9D8CD6E9C03880CC015E87059DB28FF588881679F8E3F5A26A90F13E2C34A5BD03FB7329D9A4E33C4A01209C85A36FC999E77D9ECE42CEBDB738C2F1FD6775AF
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22400
                                                                                                                                                                                                                                                      Entropy (8bit):7.361536802022009
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:YbjUslT24o0uNnUxaVXALkpiI7ewWYcIYiSy1pCQDMaPxh8E9VF0Nyvzo:6j3lKNfpiI7ewWQYiSyvfPxWEx
                                                                                                                                                                                                                                                      MD5:81DFA68CA3CB20CED73316DBC78423F6
                                                                                                                                                                                                                                                      SHA1:8841CF22938AA6EE373FF770716BB9C6D9BC3E26
                                                                                                                                                                                                                                                      SHA-256:D0CB6DD98A2C9D4134C6EC74E521BAD734BC722D6A3B4722428BF79E7B66F190
                                                                                                                                                                                                                                                      SHA-512:E24288AE627488251682CD47C1884F2DC5F4CD834D7959B9881E5739C42D91FD0A30E75F0DE77F5B5A0D63D9BAEBCAFA56851E7E40812DF367FD433421C0CCDB
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):11776
                                                                                                                                                                                                                                                      Entropy (8bit):6.772611075994812
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:lpadimkU6KnFt4Zdcpbd8m5OonxCe4W7Oj5aLRkyUxaVXFaL2cxa/UQ0D:C4KFtycpbd8EOonxCeZOFaLRnUxaVXAt
                                                                                                                                                                                                                                                      MD5:CA5D703BECCFFFB4CEF13729E56DE725
                                                                                                                                                                                                                                                      SHA1:F5AEB8D98D4FEDE04F3EF76A8C2E3A6AC5CE1C64
                                                                                                                                                                                                                                                      SHA-256:3113117C0B67CD9532053ADEE0D87A83B32E9EEC4101BEA437EE3AB3F6D1D6A2
                                                                                                                                                                                                                                                      SHA-512:BED0F5490DA5593C7C94C9F292B5FB2698A6040A8F4FB1151709BED3E450D55E8D74F9B558EEB0893EA89BF01B05A5DF714B67CFC2B419A52E0C2C00BB2A16AA
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):27136
                                                                                                                                                                                                                                                      Entropy (8bit):7.685017539377102
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:X/8GQ7EPC5BHnZyNIKXi8cwxWPYZ4GBsGLfggQxbMAnUxaVXALV/:v87HnZyNIKXglK4GBsQm7C
                                                                                                                                                                                                                                                      MD5:0F4045438442F0165C69DE204A29CC83
                                                                                                                                                                                                                                                      SHA1:7AB8E1881A0A987C96A617511DC2142D0596CC1B
                                                                                                                                                                                                                                                      SHA-256:88F1647EF7DD19875B6A559BF961498B5BFDBEA566730B013CB2FF3FF7C571FC
                                                                                                                                                                                                                                                      SHA-512:F2F01B63918290D95F671CFD3E4E444869D8136A01A4A8392ED970B69885796FB36A603BEE7BB0FE0D28B500F657184EA8205A45665041E84C8FD4C581FEADCC
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):82432
                                                                                                                                                                                                                                                      Entropy (8bit):7.942768231901642
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:KxS2n4lTP4zUIonTKB+2mxg3vNnj5uRDwyq7vefvrKalbgEM9xI:T2nKTPYVonTKBB11nj5uRDwyj
                                                                                                                                                                                                                                                      MD5:C7D92FA96CD919696A208977D2ED1C5D
                                                                                                                                                                                                                                                      SHA1:2AF05EC13A8F5933BC8B338478026A85362A854C
                                                                                                                                                                                                                                                      SHA-256:769E0C50E7094CC0BE538B272DEECD890181C7F27C1793A3D7181BB823E736C3
                                                                                                                                                                                                                                                      SHA-512:27E1919F18A26BE70E52AAD68D6FE0804E3CF7120A427DD6D7C8CDA5505BCF3E9CA99DD3C9CAF5CCB6EA33EFB57A4D1FB8C8D98E41F20B9D03BB7EDACEFC204B
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):25088
                                                                                                                                                                                                                                                      Entropy (8bit):7.672266916937516
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:XpLrqFWsVK49sIDeFuzzd+AwDrUk3bF7p2qvAfNcDAJ4/ib+y55YR8nUxaVXALHD:8TVKkPDeyC3Uw7YAAfN/lZeWM
                                                                                                                                                                                                                                                      MD5:A3AE333CC95B70561125A695256C7C05
                                                                                                                                                                                                                                                      SHA1:07B29617025D372DD28E9BA638E759FB6F68D766
                                                                                                                                                                                                                                                      SHA-256:1A3BF97DA43A1683341E1FBC5C46029A2FCC660C36451ED9F78D3F7D78547CDD
                                                                                                                                                                                                                                                      SHA-512:FA2578D6505934E9476855D96E83F1EE42184C3774A158119BFCA1BD050D44B49F683EAEBA05834F91634FBD9764AC933EC15A209C87B0C3A345032757A649B5
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):19968
                                                                                                                                                                                                                                                      Entropy (8bit):7.599122831130233
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:xRKQMLIDjLdT3jcFCPSBf/tmwzIm9+aGnU5YlAmmX7tFNDQhnkqUbnUxaVXALaAA:rVMkDNTzcoaB2moznjSm+PtakThF
                                                                                                                                                                                                                                                      MD5:D19146403235AB715189B4690C75F85E
                                                                                                                                                                                                                                                      SHA1:CF99D5413F1D81981203695A30A923079A96A84D
                                                                                                                                                                                                                                                      SHA-256:DC94C7F093043F0D304CC9C7A00B10702F8BD0D6F671C2CC272F03F067562D27
                                                                                                                                                                                                                                                      SHA-512:A5C9499248A1A0E3C54F75AC7EA8AE8D1D63AD23D623B165409226C7D4FFBB3C8D99A3B5EEC9F23B8D893296807117A0730615D2E80862137099EB77B066DC9C
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                                                                                                      Entropy (8bit):1.5
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Mn:M
                                                                                                                                                                                                                                                      MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                                      SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                                      SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                                      SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:pip.
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1002
                                                                                                                                                                                                                                                      Entropy (8bit):5.178870450986544
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:wy+rmJHcwH0MP3gt99QHOsUv4eOk4/+/m3oqMSFJ:9+aJ8YHvEnQHOs5exm3oEFJ
                                                                                                                                                                                                                                                      MD5:3590EB8D695BDCEA3BA57E74ADF8A4ED
                                                                                                                                                                                                                                                      SHA1:5B3C3863D521CF35E75E36A22E5EC4A80C93C528
                                                                                                                                                                                                                                                      SHA-256:6C194D6DB0C64D45535D10C95142B9B0CDA7B7DCC7F1DDEE302B3D536F3DBE46
                                                                                                                                                                                                                                                      SHA-512:405E4F136E282352DF9FC60C2CE126E26A344DD63F92AAB0E77DE60694BD155A13CF41C13E88C00FB95032A90526AD32C9E4B7D53CA352E03C3882ED648821F0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:Copyright (c) 2004 Istvan Albert unless otherwise noted..Copyright (c) 2006-2010 Bob Ippolito.Copyright (2) 2010-2020 Ronald Oussoren, et. al...Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS.IN THE SOFTWARE
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):7264
                                                                                                                                                                                                                                                      Entropy (8bit):4.9335139350342505
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:D4lWAqZjaaYxmPktjas13ieOGZND9REZ4y+KezAYx09zB5KENViyh5YZXc9Me6WW:QqW8GZNjiui9KUQHDyKtZx
                                                                                                                                                                                                                                                      MD5:22177E21CADF554A961F1EB13DA4CEAF
                                                                                                                                                                                                                                                      SHA1:35610F8C8AE735AC6A03C7556B55170248748D6B
                                                                                                                                                                                                                                                      SHA-256:691116CB60E4B1DD5554077804932FD0290357120FC9921F03D27664526B1295
                                                                                                                                                                                                                                                      SHA-512:A213C826D1B84BD7207BB6FA652B2F618D27B05ABC9F308086D704FD6A5D4A26BE75522786EC77C650AB52D35D2B34A6096BCBD9553D8C7AC1372EE4B59F72B3
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:Metadata-Version: 2.1.Name: altgraph.Version: 0.17.4.Summary: Python graph (network) package.Home-page: https://altgraph.readthedocs.io.Download-URL: http://pypi.python.org/pypi/altgraph.Author: Ronald Oussoren.Author-email: ronaldoussoren@mac.com.Maintainer: Ronald Oussoren.Maintainer-email: ronaldoussoren@mac.com.License: MIT.Keywords: graph.Platform: any.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 2.Classifier: Programming Language :: Python :: 2.7.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.4.Classifier: Programming Language :: Python :: 3.5.Classifier: Programming Language :: Python :: 3.6.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Class
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:CSV text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1466
                                                                                                                                                                                                                                                      Entropy (8bit):5.80543063460573
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:Hzn/2zDiTzv5MIzZOTzHz4BsXWzlrIhikTz39+SWUz4EUbR4w1+4V1LkzcRG2lkx:HznuXiTzyIzYTzHz4TzlriHTz39+7I4a
                                                                                                                                                                                                                                                      MD5:8F6CAAF90B4C653279EFD81CCFFFF5E3
                                                                                                                                                                                                                                                      SHA1:A95049B0512A670C609D9FF2AD68CBDC62712BCA
                                                                                                                                                                                                                                                      SHA-256:2D8DCE3D5542EC6ABA57299511AE6BD61EBD4789C52AE67715E219B616CC356C
                                                                                                                                                                                                                                                      SHA-512:304185EE1A09C94D73C1D2D98FA5694F7BE2E5475111EE03C491FAC79F3C888D4E63C2D564B7611C339A9589A7B26E4D67E8638A887257EDB61864E20958E2B3
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:altgraph-0.17.4.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..altgraph-0.17.4.dist-info/LICENSE,sha256=bBlNbbDGTUVTXRDJUUK5sM2nt9zH8d3uMCs9U289vkY,1002..altgraph-0.17.4.dist-info/METADATA,sha256=aREWy2Dksd1VVAd4BJMv0CkDVxIPyZIfA9J2ZFJrEpU,7264..altgraph-0.17.4.dist-info/RECORD,,..altgraph-0.17.4.dist-info/WHEEL,sha256=a-zpFRIJzOq5QfuhBzbhiA1eHTzNCJn8OdRvhdNX0Rk,110..altgraph-0.17.4.dist-info/top_level.txt,sha256=HEBeRWf5ItVPc7Y9hW7hGlrLXZjPoL4by6CAhBV_BwA,9..altgraph-0.17.4.dist-info/zip-safe,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1..altgraph/Dot.py,sha256=gKEp6Su_CoOWQYt5HIVs_7MBYK1BEOhKX0RLAAA-vQs,9929..altgraph/Graph.py,sha256=6b6fSHLA5QSqMDnSHIO7_WJnBYIdq3K5Bt8VipRODwg,20788..altgraph/GraphAlgo.py,sha256=Uu9aTjSKWi38iQ_e9ZrwCnzQaI1WWFDhJ6kfmu0jxAA,5645..altgraph/GraphStat.py,sha256=LKya4BKXJ5GZi5-sNYU17aOBTLxqn_tVgbiw4sWGYIU,1888..altgraph/GraphUtil.py,sha256=1T4DJc2bJn6EIU_Ct4m0oiKlXWkXvqcXE8CGL2K9en8,3990..altgraph/ObjectGraph.py,sha256=o7f
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):110
                                                                                                                                                                                                                                                      Entropy (8bit):4.798786725303218
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:RtEeX7MWcSlVlhVMSgP+tPCCf7irO5S:RtBMwlVSZWBBwt
                                                                                                                                                                                                                                                      MD5:F1EFFD0B429F462BD08132474A8B4FA6
                                                                                                                                                                                                                                                      SHA1:A9D3050AF622BDA1BD73C00DC377625FF44D2559
                                                                                                                                                                                                                                                      SHA-256:6BECE9151209CCEAB941FBA10736E1880D5E1D3CCD0899FC39D46F85D357D119
                                                                                                                                                                                                                                                      SHA-512:EF7D53063CFCB54155F4C700C9E99ADBA9BF6085296B8CF1E3AB86767B7C96D1A4EBF4F6B19D4942DA7F6CBC0AC25DFEA8EAE4CE461B1701CB1ACF9B2B68BB6D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.40.0).Root-Is-Purelib: true.Tag: py2-none-any.Tag: py3-none-any..
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):9
                                                                                                                                                                                                                                                      Entropy (8bit):2.94770277922009
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:gRUEv:gee
                                                                                                                                                                                                                                                      MD5:BEB0CA64AA7DD6722F65930793F447D5
                                                                                                                                                                                                                                                      SHA1:9BBA1BCE17FB25BDC9E6AA7AD8077999422EFD86
                                                                                                                                                                                                                                                      SHA-256:1C405E4567F922D54F73B63D856EE11A5ACB5D98CFA0BE1BCBA08084157F0700
                                                                                                                                                                                                                                                      SHA-512:BC4C40BCC527A9E40A934B6B594278A89625C9142795582C223E227A2D6ECCEB3233F10AA790E87D44171207AC0FEAC09581BD63C71937F97BB8F07E8CC88F30
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:altgraph.
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1
                                                                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:v:v
                                                                                                                                                                                                                                                      MD5:68B329DA9893E34099C7D8AD5CB9C940
                                                                                                                                                                                                                                                      SHA1:ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
                                                                                                                                                                                                                                                      SHA-256:01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
                                                                                                                                                                                                                                                      SHA-512:BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22112
                                                                                                                                                                                                                                                      Entropy (8bit):4.744270711412692
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:zFOhcWqhWpvWEXCVWQ4iWwklRxwVIX01k9z3AROVaz4ILS:zFlWqhWpk6R9zeU0J2
                                                                                                                                                                                                                                                      MD5:E8B9D74BFD1F6D1CC1D99B24F44DA796
                                                                                                                                                                                                                                                      SHA1:A312CFC6A7ED7BF1B786E5B3FD842A7EEB683452
                                                                                                                                                                                                                                                      SHA-256:B1B3FD40AB437A43C8DB4994CCFFC7F88000CC8BB6E34A2BCBFF8E2464930C59
                                                                                                                                                                                                                                                      SHA-512:B74D9B12B69DB81A96FC5A001FD88C1E62EE8299BA435E242C5CB2CE446740ED3D8A623E1924C2BC07BFD9AEF7B2577C9EC8264E53E5BE625F4379119BAFCC27
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22120
                                                                                                                                                                                                                                                      Entropy (8bit):4.602255667966723
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:NWqhWEWEXCVWQ4cRWvBQrVXC4dlgX01k9z3AUj7W6SxtR:NWqhWPlZVXC4deR9zVj7QR
                                                                                                                                                                                                                                                      MD5:CFE0C1DFDE224EA5FED9BD5FF778A6E0
                                                                                                                                                                                                                                                      SHA1:5150E7EDD1293E29D2E4D6BB68067374B8A07CE6
                                                                                                                                                                                                                                                      SHA-256:0D0F80CBF476AF5B1C9FD3775E086ED0DFDB510CD0CC208EC1CCB04572396E3E
                                                                                                                                                                                                                                                      SHA-512:B0E02E1F19CFA7DE3693D4D63E404BDB9D15527AC85A6D492DB1128BB695BFFD11BEC33D32F317A7615CB9A820CD14F9F8B182469D65AF2430FFCDBAD4BD7000
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22120
                                                                                                                                                                                                                                                      Entropy (8bit):4.606873381830854
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:T0WqhWnWEXCVWQ4mW5ocADB6ZX01k9z3AkprGvV:T0WqhW8VcTR9zJpr4V
                                                                                                                                                                                                                                                      MD5:33BBECE432F8DA57F17BF2E396EBAA58
                                                                                                                                                                                                                                                      SHA1:890DF2DDDFDF3EECCC698312D32407F3E2EC7EB1
                                                                                                                                                                                                                                                      SHA-256:7CF0944901F7F7E0D0B9AD62753FC2FE380461B1CCE8CDC7E9C9867C980E3B0E
                                                                                                                                                                                                                                                      SHA-512:619B684E83546D97FC1D1BC7181AD09C083E880629726EE3AF138A9E4791A6DCF675A8DF65DC20EDBE6465B5F4EAC92A64265DF37E53A5F34F6BE93A5C2A7AE5
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22136
                                                                                                                                                                                                                                                      Entropy (8bit):4.65169290018864
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:qzmxD3T4qLWqhW2WJWadJCsVWQ4mW/xNVAv+cQ0GX01k9z3ARoanSwT44:qzQVWqhWTCsiNbZR9zQoUSwTJ
                                                                                                                                                                                                                                                      MD5:EB0978A9213E7F6FDD63B2967F02D999
                                                                                                                                                                                                                                                      SHA1:9833F4134F7AC4766991C918AECE900ACFBF969F
                                                                                                                                                                                                                                                      SHA-256:AB25A1FE836FC68BCB199F1FE565C27D26AF0C390A38DA158E0D8815EFE1103E
                                                                                                                                                                                                                                                      SHA-512:6F268148F959693EE213DB7D3DB136B8E3AD1F80267D8CBD7D5429C021ADACCC9C14424C09D527E181B9C9B5EA41765AFF568B9630E4EB83BFC532E56DFE5B63
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):26216
                                                                                                                                                                                                                                                      Entropy (8bit):4.866487428274293
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:gaNYPvVX8rFTsCWqhWVWEXCVWQ4mWPJlBLrp0KBQfX01k9z3ALkBw:WPvVX8WqhWiyBRxB+R9z2kBw
                                                                                                                                                                                                                                                      MD5:EFAD0EE0136532E8E8402770A64C71F9
                                                                                                                                                                                                                                                      SHA1:CDA3774FE9781400792D8605869F4E6B08153E55
                                                                                                                                                                                                                                                      SHA-256:3D2C55902385381869DB850B526261DDEB4628B83E690A32B67D2E0936B2C6ED
                                                                                                                                                                                                                                                      SHA-512:69D25EDF0F4C8AC5D77CB5815DFB53EAC7F403DC8D11BFE336A545C19A19FFDE1031FA59019507D119E4570DA0D79B95351EAC697F46024B4E558A0FF6349852
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22136
                                                                                                                                                                                                                                                      Entropy (8bit):4.619913450163593
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:iDGaWqhWhWJWadJCsVWQ4mWd9afKUSIX01k9z3AEXzAU9:i6aWqhWACs92IR9z5EU9
                                                                                                                                                                                                                                                      MD5:1C58526D681EFE507DEB8F1935C75487
                                                                                                                                                                                                                                                      SHA1:0E6D328FAF3563F2AAE029BC5F2272FB7A742672
                                                                                                                                                                                                                                                      SHA-256:EF13DCE8F71173315DFC64AB839B033AB19A968EE15230E9D4D2C9D558EFEEE2
                                                                                                                                                                                                                                                      SHA-512:8EDB9A0022F417648E2ECE9E22C96E2727976332025C3E7D8F15BCF6D7D97E680D1BF008EB28E2E0BD57787DCBB71D38B2DEB995B8EDC35FA6852AB1D593F3D1
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):18696
                                                                                                                                                                                                                                                      Entropy (8bit):7.054510010549814
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:eVrW1hWbvm0GftpBjzH4m3S9gTlUK3dsl:eVuAViaB/6sl
                                                                                                                                                                                                                                                      MD5:BFFFA7117FD9B1622C66D949BAC3F1D7
                                                                                                                                                                                                                                                      SHA1:402B7B8F8DCFD321B1D12FC85A1EE5137A5569B2
                                                                                                                                                                                                                                                      SHA-256:1EA267A2E6284F17DD548C6F2285E19F7EDB15D6E737A55391140CE5CB95225E
                                                                                                                                                                                                                                                      SHA-512:B319CC7B436B1BE165CDF6FFCAB8A87FE29DE78F7E0B14C8F562BE160481FB5483289BD5956FDC1D8660DA7A3F86D8EEDE35C6CC2B7C3D4C852DECF4B2DCDB7F
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22136
                                                                                                                                                                                                                                                      Entropy (8bit):4.625331165566263
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:qzWqhWxWJWadJCsVWQ4mW8RJLNVAv+cQ0GX01k9z3ARo8ef3uBJu:qzWqhWwCsjNbZR9zQoEzu
                                                                                                                                                                                                                                                      MD5:E89CDCD4D95CDA04E4ABBA8193A5B492
                                                                                                                                                                                                                                                      SHA1:5C0AEE81F32D7F9EC9F0650239EE58880C9B0337
                                                                                                                                                                                                                                                      SHA-256:1A489E0606484BD71A0D9CB37A1DC6CA8437777B3D67BFC8C0075D0CC59E6238
                                                                                                                                                                                                                                                      SHA-512:55D01E68C8C899E99A3C62C2C36D6BCB1A66FF6ECD2636D2D0157409A1F53A84CE5D6F0C703D5ED47F8E9E2D1C9D2D87CC52585EE624A23D92183062C999B97E
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22136
                                                                                                                                                                                                                                                      Entropy (8bit):4.737397647066978
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:OdxlZWqhWcWJWadJCsVWQ4mWlhtFyttuX01k9z3A2oD:OdxlZWqhWpCsctkSR9zfoD
                                                                                                                                                                                                                                                      MD5:ACCC640D1B06FB8552FE02F823126FF5
                                                                                                                                                                                                                                                      SHA1:82CCC763D62660BFA8B8A09E566120D469F6AB67
                                                                                                                                                                                                                                                      SHA-256:332BA469AE84AA72EC8CCE2B33781DB1AB81A42ECE5863F7A3CB5A990059594F
                                                                                                                                                                                                                                                      SHA-512:6382302FB7158FC9F2BE790811E5C459C5C441F8CAEE63DF1E09B203B8077A27E023C4C01957B252AC8AC288F8310BCEE5B4DCC1F7FC691458B90CDFAA36DCBE
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22120
                                                                                                                                                                                                                                                      Entropy (8bit):4.6569647133331316
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:dwWqhWWWEXCVWQ4mWLnySfKUSIX01k9z3AEXz5SLaDa3:iWqhWJhY2IR9z5YLt3
                                                                                                                                                                                                                                                      MD5:C6024CC04201312F7688A021D25B056D
                                                                                                                                                                                                                                                      SHA1:48A1D01AE8BC90F889FB5F09C0D2A0602EE4B0FD
                                                                                                                                                                                                                                                      SHA-256:8751D30DF554AF08EF42D2FAA0A71ABCF8C7D17CE9E9FF2EA68A4662603EC500
                                                                                                                                                                                                                                                      SHA-512:D86C773416B332945ACBB95CBE90E16730EF8E16B7F3CCD459D7131485760C2F07E95951AEB47C1CF29DE76AFFEB1C21BDF6D8260845E32205FE8411ED5EFA47
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22120
                                                                                                                                                                                                                                                      Entropy (8bit):4.882042129450427
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:9TvuBL3BBLAWqhWUWEXCVWQ4iWgdCLVx6RMySX01k9z3AzaXQ+BB:9TvuBL3BaWqhW/WSMR9zqaP
                                                                                                                                                                                                                                                      MD5:1F2A00E72BC8FA2BD887BDB651ED6DE5
                                                                                                                                                                                                                                                      SHA1:04D92E41CE002251CC09C297CF2B38C4263709EA
                                                                                                                                                                                                                                                      SHA-256:9C8A08A7D40B6F697A21054770F1AFA9FFB197F90EF1EEE77C67751DF28B7142
                                                                                                                                                                                                                                                      SHA-512:8CF72DF019F9FC9CD22FF77C37A563652BECEE0708FF5C6F1DA87317F41037909E64DCBDCC43E890C5777E6BCFA4035A27AFC1AEEB0F5DEBA878E3E9AEF7B02A
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22120
                                                                                                                                                                                                                                                      Entropy (8bit):5.355894399765837
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:0naOMw3zdp3bwjGzue9/0jCRrndbnWqhW5lFydVXC4deR9zVj7xR:FOMwBprwjGzue9/0jCRrndbtGydVXC4O
                                                                                                                                                                                                                                                      MD5:724223109E49CB01D61D63A8BE926B8F
                                                                                                                                                                                                                                                      SHA1:072A4D01E01DBBAB7281D9BD3ADD76F9A3C8B23B
                                                                                                                                                                                                                                                      SHA-256:4E975F618DF01A492AE433DFF0DD713774D47568E44C377CEEF9E5B34AAD1210
                                                                                                                                                                                                                                                      SHA-512:19B0065B894DC66C30A602C9464F118E7F84D83010E74457D48E93AACA4422812B093B15247B24D5C398B42EF0319108700543D13F156067B169CCFB4D7B6B7C
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22120
                                                                                                                                                                                                                                                      Entropy (8bit):4.771309314175772
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:L0WqhWTWEXCVWQ4cRWdmjKDUX01k9z3AQyMX/7kn:L0WqhWol1pR9zzDY
                                                                                                                                                                                                                                                      MD5:3C38AAC78B7CE7F94F4916372800E242
                                                                                                                                                                                                                                                      SHA1:C793186BCF8FDB55A1B74568102B4E073F6971D6
                                                                                                                                                                                                                                                      SHA-256:3F81A149BA3862776AF307D5C7FEEF978F258196F0A1BF909DA2D3F440FF954D
                                                                                                                                                                                                                                                      SHA-512:C2746AA4342C6AFFFBD174819440E1BBF4371A7FED29738801C75B49E2F4F94FD6D013E002BAD2AADAFBC477171B8332C8C5579D624684EF1AFBFDE9384B8588
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22136
                                                                                                                                                                                                                                                      Entropy (8bit):4.7115212149950185
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:bWqhWUxWJWadJCsVWQ4mW5iFyttuX01k9z3A2EC:bWqhWUwCs8SR9zfEC
                                                                                                                                                                                                                                                      MD5:321A3CA50E80795018D55A19BF799197
                                                                                                                                                                                                                                                      SHA1:DF2D3C95FB4CBB298D255D342F204121D9D7EF7F
                                                                                                                                                                                                                                                      SHA-256:5476DB3A4FECF532F96D48F9802C966FDEF98EC8D89978A79540CB4DB352C15F
                                                                                                                                                                                                                                                      SHA-512:3EC20E1AC39A98CB5F726D8390C2EE3CD4CD0BF118FDDA7271F7604A4946D78778713B675D19DD3E1EC1D6D4D097ABE9CD6D0F76B3A7DFF53CE8D6DBC146870A
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22120
                                                                                                                                                                                                                                                      Entropy (8bit):4.893761152454321
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:dEFP2WqhWVWEXCVWQ4mW68vx6RMySX01k9z3AzapOP:eF+WqhWi6gMR9zqa0
                                                                                                                                                                                                                                                      MD5:0462E22F779295446CD0B63E61142CA5
                                                                                                                                                                                                                                                      SHA1:616A325CD5B0971821571B880907CE1B181126AE
                                                                                                                                                                                                                                                      SHA-256:0B6B598EC28A9E3D646F2BB37E1A57A3DDA069A55FBA86333727719585B1886E
                                                                                                                                                                                                                                                      SHA-512:07B34DCA6B3078F7D1E8EDE5C639F697C71210DCF9F05212FD16EB181AB4AC62286BC4A7CE0D84832C17F5916D0224D1E8AAB210CEEFF811FC6724C8845A74FE
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22136
                                                                                                                                                                                                                                                      Entropy (8bit):5.231196901820079
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:/Mck1JzX9cKSI0WqhWsWJWadJCsVWQ4mWClLeyttuX01k9z3A2XCJq:Uck1JzNcKSI0WqhWZCsvfSR9zfyk
                                                                                                                                                                                                                                                      MD5:C3632083B312C184CBDD96551FED5519
                                                                                                                                                                                                                                                      SHA1:A93E8E0AF42A144009727D2DECB337F963A9312E
                                                                                                                                                                                                                                                      SHA-256:BE8D78978D81555554786E08CE474F6AF1DE96FCB7FA2F1CE4052BC80C6B2125
                                                                                                                                                                                                                                                      SHA-512:8807C2444A044A3C02EF98CF56013285F07C4A1F7014200A21E20FCB995178BA835C30AC3889311E66BC61641D6226B1FF96331B019C83B6FCC7C87870CCE8C4
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22136
                                                                                                                                                                                                                                                      Entropy (8bit):4.799245167892134
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:R0DfIeUWqhWLWJWadJCsVWQ4mWFVyttuX01k9z3A2YHmp:R0DfIeUWqhWiCsLSR9zfYHmp
                                                                                                                                                                                                                                                      MD5:517EB9E2CB671AE49F99173D7F7CE43F
                                                                                                                                                                                                                                                      SHA1:4CCF38FED56166DDBF0B7EFB4F5314C1F7D3B7AB
                                                                                                                                                                                                                                                      SHA-256:57CC66BF0909C430364D35D92B64EB8B6A15DC201765403725FE323F39E8AC54
                                                                                                                                                                                                                                                      SHA-512:492BE2445B10F6BFE6C561C1FC6F5D1AF6D1365B7449BC57A8F073B44AE49C88E66841F5C258B041547FCD33CBDCB4EB9DD3E24F0924DB32720E51651E9286BE
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22136
                                                                                                                                                                                                                                                      Entropy (8bit):4.587063911311469
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:fWqhWeWJWadJCsVWQ4mWMs7DENNVAv+cQ0GX01k9z3ARoIGA/:fWqhWbCs8oNbZR9zQoxS
                                                                                                                                                                                                                                                      MD5:F3FF2D544F5CD9E66BFB8D170B661673
                                                                                                                                                                                                                                                      SHA1:9E18107CFCD89F1BBB7FDAF65234C1DC8E614ADD
                                                                                                                                                                                                                                                      SHA-256:E1C5D8984A674925FA4AFBFE58228BE5323FE5123ABCD17EC4160295875A625F
                                                                                                                                                                                                                                                      SHA-512:184B09C77D079127580EF80EB34BDED0F5E874CEFBE1C5F851D86861E38967B995D859E8491FCC87508930DC06C6BBF02B649B3B489A1B138C51A7D4B4E7AAAD
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22136
                                                                                                                                                                                                                                                      Entropy (8bit):4.754374422741657
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:CGeVPWqhWUWJWadJCsVWQ4mWUhSqyttuX01k9z3A2lqn7cq:CGeVPWqhWBCsvoSR9zflBq
                                                                                                                                                                                                                                                      MD5:A0C2DBE0F5E18D1ADD0D1BA22580893B
                                                                                                                                                                                                                                                      SHA1:29624DF37151905467A223486500ED75617A1DFD
                                                                                                                                                                                                                                                      SHA-256:3C29730DF2B28985A30D9C82092A1FAA0CEB7FFC1BD857D1EF6324CF5524802F
                                                                                                                                                                                                                                                      SHA-512:3E627F111196009380D1687E024E6FFB1C0DCF4DCB27F8940F17FEC7EFDD8152FF365B43CB7FDB31DE300955D6C15E40A2C8FB6650A91706D7EA1C5D89319B12
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22136
                                                                                                                                                                                                                                                      Entropy (8bit):4.664553499673792
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:mZyMvr5WqhWAWJWadJCsVWQ4mWWqpNVAv+cQ0GX01k9z3ARo+GZ:mZyMvlWqhWNCsUpNbZR9zQo+GZ
                                                                                                                                                                                                                                                      MD5:2666581584BA60D48716420A6080ABDA
                                                                                                                                                                                                                                                      SHA1:C103F0EA32EBBC50F4C494BCE7595F2B721CB5AD
                                                                                                                                                                                                                                                      SHA-256:27E9D3E7C8756E4512932D674A738BF4C2969F834D65B2B79C342A22F662F328
                                                                                                                                                                                                                                                      SHA-512:BEFED15F11A0550D2859094CC15526B791DADEA12C2E7CEB35916983FB7A100D89D638FB1704975464302FAE1E1A37F36E01E4BEF5BC4924AB8F3FD41E60BD0C
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22136
                                                                                                                                                                                                                                                      Entropy (8bit):5.146069394118203
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22136
                                                                                                                                                                                                                                                      Entropy (8bit):4.834520503429805
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22136
                                                                                                                                                                                                                                                      Entropy (8bit):4.916367637528538
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22136
                                                                                                                                                                                                                                                      Entropy (8bit):4.829681745003914
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22136
                                                                                                                                                                                                                                                      Entropy (8bit):4.612408827336625
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22136
                                                                                                                                                                                                                                                      Entropy (8bit):4.918215004381039
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):26216
                                                                                                                                                                                                                                                      Entropy (8bit):4.882777558752248
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22120
                                                                                                                                                                                                                                                      Entropy (8bit):4.738587310329139
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:TWqhWXWEXCVWQ4mWPXTNyttuX01k9z3A2dGxr:TWqhWMKASR9zfYxr
                                                                                                                                                                                                                                                      MD5:F9235935DD3BA2AA66D3AA3412ACCFBF
                                                                                                                                                                                                                                                      SHA1:281E548B526411BCB3813EB98462F48FFAF4B3EB
                                                                                                                                                                                                                                                      SHA-256:2F6BD6C235E044755D5707BD560A6AFC0BA712437530F76D11079D67C0CF3200
                                                                                                                                                                                                                                                      SHA-512:AD0C0A7891FB8328F6F0CF1DDC97523A317D727C15D15498AFA53C07610210D2610DB4BC9BD25958D47ADC1AF829AD4D7CF8AABCAB3625C783177CCDB7714246
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22120
                                                                                                                                                                                                                                                      Entropy (8bit):5.202163846121633
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:2pUEpnWlC0i5CBWqhWXLeWEXCVWQ4iW+/x6RMySX01k9z3Aza8Az629:2ptnWm5CBWqhWtWMR9zqaH629
                                                                                                                                                                                                                                                      MD5:5107487B726BDCC7B9F7E4C2FF7F907C
                                                                                                                                                                                                                                                      SHA1:EBC46221D3C81A409FAB9815C4215AD5DA62449C
                                                                                                                                                                                                                                                      SHA-256:94A86E28E829276974E01F8A15787FDE6ED699C8B9DC26F16A51765C86C3EADE
                                                                                                                                                                                                                                                      SHA-512:A0009B80AD6A928580F2B476C1BDF4352B0611BB3A180418F2A42CFA7A03B9F0575ED75EC855D30B26E0CCA96A6DA8AFFB54862B6B9AFF33710D2F3129283FAA
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22120
                                                                                                                                                                                                                                                      Entropy (8bit):4.866983142029453
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:0vh8Y17aFBRsWqhW9AWEXCVWQ4mWCB4Lrp0KBQfX01k9z3ALkg5Z7:SL5WqhW9boRxB+R9z2kM7
                                                                                                                                                                                                                                                      MD5:D5D77669BD8D382EC474BE0608AFD03F
                                                                                                                                                                                                                                                      SHA1:1558F5A0F5FACC79D3957FF1E72A608766E11A64
                                                                                                                                                                                                                                                      SHA-256:8DD9218998B4C4C9E8D8B0F8B9611D49419B3C80DAA2F437CBF15BCFD4C0B3B8
                                                                                                                                                                                                                                                      SHA-512:8DEFA71772105FD9128A669F6FF19B6FE47745A0305BEB9A8CADB672ED087077F7538CD56E39329F7DAA37797A96469EAE7CD5E4CCA57C9A183B35BDC44182F3
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22136
                                                                                                                                                                                                                                                      Entropy (8bit):4.828044267819929
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:dUnWqhWRWJWadJCsVWQ4mW+2PyttuX01k9z3A23y:cWqhWQCsHSR9zf3y
                                                                                                                                                                                                                                                      MD5:650435E39D38160ABC3973514D6C6640
                                                                                                                                                                                                                                                      SHA1:9A5591C29E4D91EAA0F12AD603AF05BB49708A2D
                                                                                                                                                                                                                                                      SHA-256:551A34C400522957063A2D71FA5ABA1CD78CC4F61F0ACE1CD42CC72118C500C0
                                                                                                                                                                                                                                                      SHA-512:7B4A8F86D583562956593D27B7ECB695CB24AB7192A94361F994FADBA7A488375217755E7ED5071DE1D0960F60F255AA305E9DD477C38B7BB70AC545082C9D5E
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):30328
                                                                                                                                                                                                                                                      Entropy (8bit):5.14173409150951
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:r7yaFM4Oe59Ckb1hgmLVWqhW2CsWNbZR9zQoekS:/FMq59Bb1jnoFT9zGp
                                                                                                                                                                                                                                                      MD5:B8F0210C47847FC6EC9FBE2A1AD4DEBB
                                                                                                                                                                                                                                                      SHA1:E99D833AE730BE1FEDC826BF1569C26F30DA0D17
                                                                                                                                                                                                                                                      SHA-256:1C4A70A73096B64B536BE8132ED402BCFB182C01B8A451BFF452EFE36DDF76E7
                                                                                                                                                                                                                                                      SHA-512:992D790E18AC7AE33958F53D458D15BFF522A3C11A6BD7EE2F784AC16399DE8B9F0A7EE896D9F2C96D1E2C8829B2F35FF11FC5D8D1B14C77E22D859A1387797C
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):30312
                                                                                                                                                                                                                                                      Entropy (8bit):4.96699982894665
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:PfhhvLPmIHJI6/CpG3t2G3t4odXLVWqhW2ntNbZR9zQo9eZ:xhPmIHJI69VFT9zO
                                                                                                                                                                                                                                                      MD5:075419431D46DC67932B04A8B91A772F
                                                                                                                                                                                                                                                      SHA1:DB2AF49EE7B6BEC379499B5A80BE39310C6C8425
                                                                                                                                                                                                                                                      SHA-256:3A4B66E65A5EE311AFC37157A8101ABA6017FF7A4355B4DD6E6C71D5B7223560
                                                                                                                                                                                                                                                      SHA-512:76287E0003A396CDA84CE6B206986476F85E927A389787D1D273684167327C41FC0FE5E947175C0DEB382C5ACCF785F867D9FCE1FEA4ABD7D99B201E277D1704
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22120
                                                                                                                                                                                                                                                      Entropy (8bit):4.883012715268179
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:5eXrqjd7ZWqhW3WEXCVWQ4mW3Ql1Lrp0KBQfX01k9z3ALkjY/12:54rgWqhWsP1RxB+R9z2kjY/Y
                                                                                                                                                                                                                                                      MD5:272C0F80FD132E434CDCDD4E184BB1D8
                                                                                                                                                                                                                                                      SHA1:5BC8B7260E690B4D4039FE27B48B2CECEC39652F
                                                                                                                                                                                                                                                      SHA-256:BD943767F3E0568E19FB52522217C22B6627B66A3B71CD38DD6653B50662F39D
                                                                                                                                                                                                                                                      SHA-512:94892A934A92EF1630FBFEA956D1FE3A3BFE687DEC31092828960968CB321C4AB3AF3CAF191D4E28C8CA6B8927FBC1EC5D17D5C8A962C848F4373602EC982CD4
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):26208
                                                                                                                                                                                                                                                      Entropy (8bit):5.023753175006074
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:4mGqX8mPrpJhhf4AN5/KiFWqhWyzWEXCVWQ4OW4034hHssDX01k9z3AaYX2cWo:4ysyr77WqhWyI0oFDR9z9YH9
                                                                                                                                                                                                                                                      MD5:20C0AFA78836B3F0B692C22F12BDA70A
                                                                                                                                                                                                                                                      SHA1:60BB74615A71BD6B489C500E6E69722F357D283E
                                                                                                                                                                                                                                                      SHA-256:962D725D089F140482EE9A8FF57F440A513387DD03FDC06B3A28562C8090C0BC
                                                                                                                                                                                                                                                      SHA-512:65F0E60136AB358661E5156B8ECD135182C8AAEFD3EC320ABDF9CFC8AEAB7B68581890E0BBC56BAD858B83D47B7A0143FA791195101DC3E2D78956F591641D16
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):26232
                                                                                                                                                                                                                                                      Entropy (8bit):5.289041983400337
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:UuV2OlkuWYFxEpahfWqhWNWJWadJCsVWQ4mWeX9UfKUSIX01k9z3AEXzGd5S:dV2oFVhfWqhWMCstE2IR9z5Sd5S
                                                                                                                                                                                                                                                      MD5:96498DC4C2C879055A7AFF2A1CC2451E
                                                                                                                                                                                                                                                      SHA1:FECBC0F854B1ADF49EF07BEACAD3CEC9358B4FB2
                                                                                                                                                                                                                                                      SHA-256:273817A137EE049CBD8E51DC0BB1C7987DF7E3BF4968940EE35376F87EF2EF8D
                                                                                                                                                                                                                                                      SHA-512:4E0B2EF0EFE81A8289A447EB48898992692FEEE4739CEB9D87F5598E449E0059B4E6F4EB19794B9DCDCE78C05C8871264797C14E4754FD73280F37EC3EA3C304
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):26232
                                                                                                                                                                                                                                                      Entropy (8bit):5.284932479906984
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:tCLx0C5yguNvZ5VQgx3SbwA7yMVIkFGlTWqhWbQCsMSR9zful:tCV5yguNvZ5VQgx3SbwA71IkFGqHe9zI
                                                                                                                                                                                                                                                      MD5:115E8275EB570B02E72C0C8A156970B3
                                                                                                                                                                                                                                                      SHA1:C305868A014D8D7BBEF9ABBB1C49A70E8511D5A6
                                                                                                                                                                                                                                                      SHA-256:415025DCE5A086DBFFC4CF322E8EAD55CB45F6D946801F6F5193DF044DB2F004
                                                                                                                                                                                                                                                      SHA-512:B97EF7C5203A0105386E4949445350D8FF1C83BDEAEE71CCF8DC22F7F6D4F113CB0A9BE136717895C36EE8455778549F629BF8D8364109185C0BF28F3CB2B2CA
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22120
                                                                                                                                                                                                                                                      Entropy (8bit):5.253102285412285
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:mt3hwDGWqhWrWEXCVWQ4mWn+deyttuX01k9z3A23x:AWqhWgPSR9zfh
                                                                                                                                                                                                                                                      MD5:001E60F6BBF255A60A5EA542E6339706
                                                                                                                                                                                                                                                      SHA1:F9172EC37921432D5031758D0C644FE78CDB25FA
                                                                                                                                                                                                                                                      SHA-256:82FBA9BC21F77309A649EDC8E6FC1900F37E3FFCB45CD61E65E23840C505B945
                                                                                                                                                                                                                                                      SHA-512:B1A6DC5A34968FBDC8147D8403ADF8B800A06771CC9F15613F5CE874C29259A156BAB875AAE4CAAEC2117817CE79682A268AA6E037546AECA664CD4EEA60ADBF
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22136
                                                                                                                                                                                                                                                      Entropy (8bit):4.810971823417463
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:p/fHQduDWqhWJWJWadJCsVWQ4mWxrnyttuX01k9z3A2Yv6WT:p/ftWqhWoCsmySR9zfYvvT
                                                                                                                                                                                                                                                      MD5:A0776B3A28F7246B4A24FF1B2867BDBF
                                                                                                                                                                                                                                                      SHA1:383C9A6AFDA7C1E855E25055AAD00E92F9D6AAFF
                                                                                                                                                                                                                                                      SHA-256:2E554D9BF872A64D2CD0F0EB9D5A06DEA78548BC0C7A6F76E0A0C8C069F3C0A9
                                                                                                                                                                                                                                                      SHA-512:7C9F0F8E53B363EF5B2E56EEC95E7B78EC50E9308F34974A287784A1C69C9106F49EA2D9CA037F0A7B3C57620FCBB1C7C372F207C68167DF85797AFFC3D7F3BA
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                                                                                                      Entropy (8bit):1.5
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Mn:M
                                                                                                                                                                                                                                                      MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                                      SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                                      SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                                      SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:pip.
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):11348
                                                                                                                                                                                                                                                      Entropy (8bit):5.155260943272538
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:j/sUYExPRtXLt5Yy9EqOmoKTioEJdQ/0GmlWEx+VqAI6OfmEIPSo9t+kwLaH:j/sW6y9EqHoKvgAml9rqOnQLy8
                                                                                                                                                                                                                                                      MD5:7774D77D730C0C295CB6E3E46817DAD6
                                                                                                                                                                                                                                                      SHA1:406B5C84945B8DC1035BD53EB33F289B9AE699FC
                                                                                                                                                                                                                                                      SHA-256:CA0970517928EF943E209E8B98F550E18F7D2894B708F2B4356F28BD7158B038
                                                                                                                                                                                                                                                      SHA-512:6E991F3144CCA536E906A180DA7FAF3198521C81EFF4143FB943ECC6C6FAA558D0B1F2AA1379A7294BAA039D67202C671027D12C821D95B859EC25E0F78C2C21
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:Metadata-Version: 2.1.Name: attrs.Version: 23.1.0.Summary: Classes Without Boilerplate.Project-URL: Documentation, https://www.attrs.org/.Project-URL: Changelog, https://www.attrs.org/en/stable/changelog.html.Project-URL: Bug Tracker, https://github.com/python-attrs/attrs/issues.Project-URL: Source Code, https://github.com/python-attrs/attrs.Project-URL: Funding, https://github.com/sponsors/hynek.Project-URL: Tidelift, https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi.Author-email: Hynek Schlawack <hs@ox.cx>.License-Expression: MIT.License-File: LICENSE.Keywords: attribute,boilerplate,class.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: P
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:CSV text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3642
                                                                                                                                                                                                                                                      Entropy (8bit):5.807416853955938
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:QalxI0guUoqipQEqdwBxTGNmmUuAqG2PX2rUXjiFcoqL/+Q:zaUoUTGwnuA2XE9Q
                                                                                                                                                                                                                                                      MD5:A3AD7B8CDA8539786366BBBEC93D29AD
                                                                                                                                                                                                                                                      SHA1:D79FE6C3773C0E56AB64F6288B2CEF36BACC10A6
                                                                                                                                                                                                                                                      SHA-256:0C4D6F02B4FECD5A3A81D45A6D684D38998F2A8DAB51490548A27D85A5377299
                                                                                                                                                                                                                                                      SHA-512:03A7FBF8AE5FB6C4BAD790EDC6C3479BB604FB7E3F8CCCCB96FE7A8EF45DCEB1BCF12415D51437C5048AA01183A3CD0E55D5A64FA1E7B22D7DAB8031822ED77B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:attr/__init__.py,sha256=dSRUBxRVTh-dXMrMR_oQ3ZISu2QSfhSZlik03Mjbu30,3241..attr/__init__.pyi,sha256=rIK-2IakIoehVtqXK5l5rs9_fJNCbnYtKTS3cOAVJD8,17609..attr/__pycache__/__init__.cpython-310.pyc,,..attr/__pycache__/_cmp.cpython-310.pyc,,..attr/__pycache__/_compat.cpython-310.pyc,,..attr/__pycache__/_config.cpython-310.pyc,,..attr/__pycache__/_funcs.cpython-310.pyc,,..attr/__pycache__/_make.cpython-310.pyc,,..attr/__pycache__/_next_gen.cpython-310.pyc,,..attr/__pycache__/_version_info.cpython-310.pyc,,..attr/__pycache__/converters.cpython-310.pyc,,..attr/__pycache__/exceptions.cpython-310.pyc,,..attr/__pycache__/filters.cpython-310.pyc,,..attr/__pycache__/setters.cpython-310.pyc,,..attr/__pycache__/validators.cpython-310.pyc,,..attr/_cmp.py,sha256=diMUQV-BIg7IjIb6-o1hswtnjrR4qdAUz_tE8gxS96w,4098..attr/_cmp.pyi,sha256=sGQmOM0w3_K4-X8cTXR7g0Hqr290E8PTObA9JQxWQqc,399..attr/_compat.py,sha256=d3cpIu60IbKrLywPni17RUEQY7MvkqqKifyzJ5H3zRU,5803..attr/_config.py,sha256=5W8lgRePuIOWu1ZuqF1899e2CmXGc9
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):87
                                                                                                                                                                                                                                                      Entropy (8bit):4.699003560068366
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:RtEeXAaCQnvxP+tPCCfA5I:Rt2PQZWBB3
                                                                                                                                                                                                                                                      MD5:14CCD3CE79ED5ED7DAD2420CD7C0D412
                                                                                                                                                                                                                                                      SHA1:388B959646735E0095900E61F3AF8A90F594F0A3
                                                                                                                                                                                                                                                      SHA-256:108D89B06C9DC142F918FF6DEA4CD9BFB1B71C33E2EC5B990C37FD227E9A9913
                                                                                                                                                                                                                                                      SHA-512:6EA1321D7F62E8284C3C5B29A3D7940890A4488503832457BF6580108351C0B2A0EE871928561DFF7F71C9BA9D1B89B2D93C1C5839EEC4815032E89E670934B4
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:Wheel-Version: 1.0.Generator: hatchling 1.14.0.Root-Is-Purelib: true.Tag: py3-none-any.
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1109
                                                                                                                                                                                                                                                      Entropy (8bit):5.104415762129373
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:bGf8rUrmJHHH0yN3gtsHw1hC09QHOsUv4eOk4/+/m3oqLFh:bW8rUaJHlxE3dQHOs5exm3ogFh
                                                                                                                                                                                                                                                      MD5:5E55731824CF9205CFABEAB9A0600887
                                                                                                                                                                                                                                                      SHA1:243E9DD038D3D68C67D42C0C4BA80622C2A56246
                                                                                                                                                                                                                                                      SHA-256:882115C95DFC2AF1EEB6714F8EC6D5CBCABF667CAFF8729F42420DA63F714E9F
                                                                                                                                                                                                                                                      SHA-512:21B242BF6DCBAFA16336D77A40E69685D7E64A43CC30E13E484C72A93CD4496A7276E18137DC601B6A8C3C193CB775DB89853ECC6D6EB2956DEEE36826D5EBFE
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:The MIT License (MIT)..Copyright (c) 2015 Hynek Schlawack and the attrs contributors..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHE
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):831920
                                                                                                                                                                                                                                                      Entropy (8bit):5.700113193168901
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12288:9gYJuVvEWSxVqF8MgFA4a2YCdXVwxjfpEreiSRMN7:9gYJz1x3La2xVwxjfpErefMN7
                                                                                                                                                                                                                                                      MD5:524A85217DC9EDC8C9EFC73159CA955D
                                                                                                                                                                                                                                                      SHA1:A4238CBDE50443262D00A843FFE814435FB0F4E2
                                                                                                                                                                                                                                                      SHA-256:808549964ADB09AFAFB410CDC030DF4813C5C2A7276A94E7F116103AF5DE7621
                                                                                                                                                                                                                                                      SHA-512:F5A929B35A63F073BDC7600155BA2F0F262E6F60CF67EFB38FA44E8B3BE085CF1D5741D66D25A1ECAAF3F94ABFE9BBE97D135F8A47C11F2B811D2AAC6876F46C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):292541
                                                                                                                                                                                                                                                      Entropy (8bit):6.048162209044241
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/Q5MSRqNb7d8iu5NF:QWb/TRJLWURrI55MWavdF0D
                                                                                                                                                                                                                                                      MD5:D3E74C9D33719C8AB162BAA4AE743B27
                                                                                                                                                                                                                                                      SHA1:EE32F2CCD4BC56CA68441A02BF33E32DC6205C2B
                                                                                                                                                                                                                                                      SHA-256:7A347CA8FEF6E29F82B6E4785355A6635C17FA755E0940F65F15AA8FC7BD7F92
                                                                                                                                                                                                                                                      SHA-512:E0FB35D6901A6DEBBF48A0655E2AA1040700EB5166E732AE2617E89EF5E6869E8DDD5C7875FA83F31D447D4ABC3DB14BFFD29600C9AF725D9B03F03363469B4C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):9728
                                                                                                                                                                                                                                                      Entropy (8bit):6.616718888758226
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:Z36tq4hfGNpeeiTJvbX3ikyUxaVXFaLuHOqX:Z3gq4hfGNZi1vbinUxaVXALXq
                                                                                                                                                                                                                                                      MD5:79F58590559566A010140B0B94A9FF3F
                                                                                                                                                                                                                                                      SHA1:E3B6B62886BBA487E524CBBA4530CA703B24CBDA
                                                                                                                                                                                                                                                      SHA-256:F8EAE2B1020024EE92BA116C29BC3C8F80906BE2029DDBE0C48CA1D02BF1EA73
                                                                                                                                                                                                                                                      SHA-512:ECFCD6C58175F3E95195ABE9A18BB6DD1D10B989539BF24EA1BCDBD3C435A10BBD2D8835A4C3ACF7F9AEB44B160307AE0C377125202B9DBF0DD6E8CFD2603131
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):39936
                                                                                                                                                                                                                                                      Entropy (8bit):7.848997828042554
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:Ysuo81G+O8u/Ox+gOx8DmqXMdRKawNZG5HnzAa+S9FmgZMu2fY3ljm78O6rH:YLohf8umx+gOuDmImZwu5TAqmgZ6ajme
                                                                                                                                                                                                                                                      MD5:9BB72AD673C91050ECB9F4A3F98B91EF
                                                                                                                                                                                                                                                      SHA1:67FF2D6AB21E2BBE84F43A84ECD2FD64161E25F4
                                                                                                                                                                                                                                                      SHA-256:17FC896275AFCD3CDD20836A7379D565D156CD409DC28F95305C32F1B3E99C4F
                                                                                                                                                                                                                                                      SHA-512:4C1236F9CFBB2EC8E895C134B7965D1EBF5404E5D00ACF543B9935BC22D07D58713A75EEE793C02DFDA29B128412972F00E82A636D33EC8C9E0D9804F465BC40
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):36864
                                                                                                                                                                                                                                                      Entropy (8bit):7.801655657795242
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:YPNW72j7kwZzAJh1wX7d6/FS7JFm8kzVQKScRtydjjiUBmqloARt/wy2DW+:YPom7Hsf1wX49S7J+fyd3iUBmrARH2y+
                                                                                                                                                                                                                                                      MD5:508A62852D194DAB4B89D1AE1234D47F
                                                                                                                                                                                                                                                      SHA1:70024A52D3133C7F6824655795E6C68CF60F1CF1
                                                                                                                                                                                                                                                      SHA-256:48525C6883D5DF789C3998F377684B88835A3EF2045E744B2E91ABFC0D887C73
                                                                                                                                                                                                                                                      SHA-512:A395E1A88A19152388ACCA2282D773F659D6F5E69718B8448F9256C446EB24EBD61A4A0BAC8104025E9B7B31BB67198757A2514D6F827BCD70CFD99546C427D6
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1189728
                                                                                                                                                                                                                                                      Entropy (8bit):7.9451398145343335
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24576:xffQrZJIe6/4gho5HE1F03fkOyUU/BtSIgA0ft+rBFOWRIQ6sCYB1CPwDv3uFfJp:pf8JWwgho5HL3fknPSIKorCo1CPwDv3Q
                                                                                                                                                                                                                                                      MD5:DA5FE6E5CFC41381025994F261DF7148
                                                                                                                                                                                                                                                      SHA1:13998E241464952D2D34EB6E8ECFCD2EB1F19A64
                                                                                                                                                                                                                                                      SHA-256:DE045C36AE437A5B40FC90A8A7CC037FACD5B7E307CFCF9A9087C5F1A6A2CF18
                                                                                                                                                                                                                                                      SHA-512:A0D7EBF83204065236439D495EB3C97BE093C41DAAC2E6CFBBB1AA8FFEAC049402A3DEA7139B1770D2E1A45E08623A56A94D64C8F0C5BE74C5BAE039A2BC6CA9
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):24088
                                                                                                                                                                                                                                                      Entropy (8bit):7.529671673324906
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:TRZBxuj5W4IBzuU2CUvOEvbY4nUxaVXALNxZRCXTpnYPLxDG4y80uzFLhHj:lwlGuUm2EvbrmWpWDG4yKRF
                                                                                                                                                                                                                                                      MD5:B5150B41CA910F212A1DD236832EB472
                                                                                                                                                                                                                                                      SHA1:A17809732C562524B185953FFE60DFA91BA3CE7D
                                                                                                                                                                                                                                                      SHA-256:1A106569AC0AD3152F3816FF361AA227371D0D85425B357632776AC48D92EA8A
                                                                                                                                                                                                                                                      SHA-512:9E82B0CAA3D72BB4A7AD7D66EBFB10EDB778749E89280BCA67C766E72DC794E99AAB2BC2980D64282A384699929CE6CC996462A73584898D2DF67A57BFF2A9C6
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):208224
                                                                                                                                                                                                                                                      Entropy (8bit):7.921732676851239
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3072:XSI3oPlWLlPVVc5MpJa1pOjJnnioIZW8/Qf6bRXGKrs8qJjueW1LR/oSBZLetz:CIek5VC0FiHof6Z1rgJ63R/oSi
                                                                                                                                                                                                                                                      MD5:48D792202922FFFE8EA12798F03D94DE
                                                                                                                                                                                                                                                      SHA1:F8818BE47BECB8CCF2907399F62019C3BE0EFEB5
                                                                                                                                                                                                                                                      SHA-256:8221A76831A103B2B2AE01C3702D0BBA4F82F2AFD4390A3727056E60B28650CC
                                                                                                                                                                                                                                                      SHA-512:69F3A8B556DD517AE89084623F499EF89BD0F97031E3006677CEED330ED13FCC56BF3CDE5C9ED0FC6C440487D13899FFDA775E6A967966294CADFD70069B2833
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):5653424
                                                                                                                                                                                                                                                      Entropy (8bit):6.729277267882055
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:49152:EuEsNcEc8/CK4b11P5ViH8gw0+NVQD5stWIlE7lva8iposS9j5fzSQzs7ID+AVuS:EnL8+5fiEnQFLOAkGkzdnEVomFHKnPS
                                                                                                                                                                                                                                                      MD5:03A161718F1D5E41897236D48C91AE3C
                                                                                                                                                                                                                                                      SHA1:32B10EB46BAFB9F81A402CB7EFF4767418956BD4
                                                                                                                                                                                                                                                      SHA-256:E06C4BD078F4690AA8874A3DEB38E802B2A16CCB602A7EDC2E077E98C05B5807
                                                                                                                                                                                                                                                      SHA-512:7ABCC90E845B43D264EE18C9565C7D0CBB383BFD72B9CEBB198BA60C4A46F56DA5480DA51C90FF82957AD4C84A4799FA3EB0CEDFFAA6195F1315B3FF3DA1BE47
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                                                      Entropy (8bit):7.554000155362532
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:uqn6Apum7DurKkfFwr37/fgQZtR5DLURkUzLgV5tA2nUxaVXALgYg8:pnppuYrkfIrHZrnDLarYVTxnY
                                                                                                                                                                                                                                                      MD5:EA0443B7710F3F2F58FD92581AB1AD07
                                                                                                                                                                                                                                                      SHA1:2C4013E9199E85759048EB9CF74DA54A4CAA04A5
                                                                                                                                                                                                                                                      SHA-256:BECD3D1E05423C1420C02F7D6507569CF138B4AE19FA1276F41CE8191D5377D8
                                                                                                                                                                                                                                                      SHA-512:D618B793C81EBA3982330ADDBF932129EA364F55F2D17B834593B466941448E73D9104B1918C3E137B671A12AD0FEABA27FE55002E104AA4054CCF2EADE62E4E
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):34816
                                                                                                                                                                                                                                                      Entropy (8bit):7.787702936942791
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:l5HOA2w0JLJLH+AKL7/d2gt6UDsPioZLxivYG7HWFynfcwRVG:LHOE0T+AKL70g/oZ9sY22Ef9V
                                                                                                                                                                                                                                                      MD5:FB17B2F2F09725C3FFCA6345ACD7F0A8
                                                                                                                                                                                                                                                      SHA1:B8D747CC0CB9F7646181536D9451D91D83B9FC61
                                                                                                                                                                                                                                                      SHA-256:9C7D401418DB14353DB85B54FF8C7773EE5D17CBF9A20085FDE4AF652BD24FC4
                                                                                                                                                                                                                                                      SHA-512:B4ACB60045DA8639779B6BB01175B13344C3705C92EA55F9C2942F06C89E5F43CEDAE8C691836D63183CACF2D0A98AA3BCB0354528F1707956B252206991BF63
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):88440
                                                                                                                                                                                                                                                      Entropy (8bit):7.917287109292123
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:HqOsxiaMRf0wQhTR0lJrTMQLFrwAx0qHMKVqhgjOE+hpeWpUM2MkNpho8aI7Qhgk:K8kmJfMQLFD+XWq+aDBplFk+I7Qhge0g
                                                                                                                                                                                                                                                      MD5:5A328B011FA748939264318A433297E2
                                                                                                                                                                                                                                                      SHA1:D46DD2BE7C452E5B6525E88A2D29179F4C07DE65
                                                                                                                                                                                                                                                      SHA-256:E8A81B47029E8500E0F4E04CCF81F8BDF23A599A2B5CD627095678CDF2FABC14
                                                                                                                                                                                                                                                      SHA-512:06FA8262378634A42F5AB8C1E5F6716202544C8B304DE327A08AA20C8F888114746F69B725ED3088D975D09094DF7C3A37338A93983B957723AA2B7FDA597F87
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):30634
                                                                                                                                                                                                                                                      Entropy (8bit):4.687948422038189
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:8+ztint/HdxEUwi5rDL676yV12rPd34ZomzM2FR+qWi9vlKM1zJlFvmNz5VrlkTv:rzolHv7FgixMFzMqd9TzJlFvAfxk1rt
                                                                                                                                                                                                                                                      MD5:371FE7FDEE041250F12B3A4658A14278
                                                                                                                                                                                                                                                      SHA1:A4AAA06709FF77945CA1A42ECCC06C9C99182A27
                                                                                                                                                                                                                                                      SHA-256:DD7315735D0C3CBB0CC861A3EA4D9CEE497568B98CACEA64AF3EA51F4E4B5386
                                                                                                                                                                                                                                                      SHA-512:77FBA931238B59A44357996EC3A39D5E8CDD8E8CBED963927A814B30AADA1F0FF88FB2D62D2DCD9955DBA9458C4A310252B72E52963FEBD0E80639ABA53A9D19
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:================================. The PyInstaller licensing terms.================================. ..Copyright (c) 2010-2022, PyInstaller Development Team.Copyright (c) 2005-2009, Giovanni Bajo.Based on previous work under copyright (c) 2002 McMillan Enterprises, Inc....PyInstaller is licensed under the terms of the GNU General Public License.as published by the Free Software Foundation; either version 2 of the License,.or (at your option) any later version....Bootloader Exception.--------------------..In addition to the permissions in the GNU General Public License, the.authors give you unlimited permission to link or embed compiled bootloader.and related files into combinations with other programs, and to distribute.those combinations without any restriction coming from the use of those.files. (The General Public License restrictions do apply in other respects;.for example, they cover modification of the files, and distribution when.not linked into a combined executable.). . .Bootlo
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                                                                                                      Entropy (8bit):1.5
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Mn:M
                                                                                                                                                                                                                                                      MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                                      SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                                      SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                                      SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:pip.
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):7307
                                                                                                                                                                                                                                                      Entropy (8bit):5.028348015151463
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:VZBasM/s4VNC2EUMANtsDTMdUUmUqhpVqhkHv:K7C2ErY6DTmUU8hpukHv
                                                                                                                                                                                                                                                      MD5:773C87ABC4E5DCD07B8BB371F14EE941
                                                                                                                                                                                                                                                      SHA1:C0D7916DCB39445C03371B62F5C168A01633D4ED
                                                                                                                                                                                                                                                      SHA-256:47889A0EABE0545AF939ADDD679A6E246CD8F19A99732C6C6B170B9F50D1293A
                                                                                                                                                                                                                                                      SHA-512:02E1C5895B41D440079C341C7472C2DD3F327435D45C4D8C41BAE9D09D5C4CA629A56530D93FC79737C80F6F6EA1BEBFC773ED5508DEAF34866EA3F2FC9B0B2A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:Metadata-Version: 2.1..Name: pyinstaller..Version: 5.1..Summary: PyInstaller bundles a Python application and all its dependencies into a single package...Home-page: https://www.pyinstaller.org/..Author: Hartmut Goebel, Giovanni Bajo, David Vierra, David Cortesi, Martin Zibricky..License: GPLv2-or-later with a special exception which allows to use PyInstaller to build and distribute non-free programs (including commercial ones)..Project-URL: Source, https://github.com/pyinstaller/pyinstaller..Keywords: packaging, app, apps, bundle, convert, standalone, executable,pyinstaller, cxfreeze, freeze, py2exe, py2app, bbfreeze..Classifier: Development Status :: 6 - Mature..Classifier: Environment :: Console..Classifier: Intended Audience :: Developers..Classifier: Intended Audience :: Other Audience..Classifier: Intended Audience :: System Administrators..Classifier: License :: OSI Approved :: GNU General Public License v2 (GPLv2)..Classifier: Natural Language :: English..Classifier: Operating
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:CSV text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):61650
                                                                                                                                                                                                                                                      Entropy (8bit):5.605295486633833
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:1VqEIJtsSWQJQq4WPY1y0yvtZY6W3+j73wt5a14bXPA+Yla1U9MZhGO5oLZi:1oU/ZiLk
                                                                                                                                                                                                                                                      MD5:FD01A86AA8FD824010E721AC8CFE2058
                                                                                                                                                                                                                                                      SHA1:D7B3B5AF58931065C25E0C8AA9C90CA98111B7A3
                                                                                                                                                                                                                                                      SHA-256:61D469E2DAC9104D3BC82A148ED3AC1D0311FC6DA43861106D49AFB29F911CD4
                                                                                                                                                                                                                                                      SHA-512:1B58719240005F2BFDC3F3CB22E76F5BAB6C31ED257DC00AA155CC9175F59F3BEFBC9C5927554F0C2F97AA06B42FB58D36154D2C7F42F0F878E204576DF1C009
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:../../Scripts/pyi-archive_viewer.exe,sha256=L3vsUF7XkJMlsBVBAE2Q6dtMuU8cC7BuBah0DpAe0Bs,108443..../../Scripts/pyi-bindepend.exe,sha256=wLs3v9p25xfzRSj3eXOpeunGP6BvEqgCcQl79wSCyyQ,108438..../../Scripts/pyi-grab_version.exe,sha256=o3_FqKQ16b7XJs3oSYDvCw7ttrFpDYM9Zx9dF_Dta1c,108441..../../Scripts/pyi-makespec.exe,sha256=TfSMO-LOcJ3GBdexvparghf9z5xqbu8Yna9ZD0uhVfE,108437..../../Scripts/pyi-set_version.exe,sha256=8AGFydCGf5CfgPyPwYolGUi8Lyjm_jFtgdgMx4ocJeE,108440..../../Scripts/pyinstaller.exe,sha256=kLk9gtX3aS9r3aiHyYLEn96n0vTdivYMgjc_8SotJD4,108422..PyInstaller/__init__.py,sha256=yxwRT03ZzCOJlfU8-OxhCCUTqjifnWlXnZQtpEOzjoo,2995..PyInstaller/__main__.py,sha256=2KLwhQRzVi24ICVDCEe-QQOXvk5q1eoPa6HMMnAyD0g,6688..PyInstaller/__pycache__/__init__.cpython-310.pyc,,..PyInstaller/__pycache__/__main__.cpython-310.pyc,,..PyInstaller/__pycache__/_recursion_to_deep_message.cpython-310.pyc,,..PyInstaller/__pycache__/_shared_with_waf.cpython-310.pyc,,..PyInstaller/__pycache__/compat.cpython-310.pyc,,..P
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):92
                                                                                                                                                                                                                                                      Entropy (8bit):4.812622295095324
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:RtEeX7MWcSlVlFxP+tPCCfA5S:RtBMwlVTxWBBf
                                                                                                                                                                                                                                                      MD5:43136DDE7DD276932F6197BB6D676EF4
                                                                                                                                                                                                                                                      SHA1:6B13C105452C519EA0B65AC1A975BD5E19C50122
                                                                                                                                                                                                                                                      SHA-256:189EEDFE4581172C1B6A02B97A8F48A14C0B5BAA3239E4CA990FBD8871553714
                                                                                                                                                                                                                                                      SHA-512:E7712BA7D36DEB083EBCC3B641AD3E7D19FB071EE64AE3A35AD6A50EE882B20CD2E60CA1319199DF12584FE311A6266EC74F96A3FB67E59F90C7B5909668AEE1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.43.0).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):111
                                                                                                                                                                                                                                                      Entropy (8bit):4.719695655486695
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:YBM7W/RzQXjHxi6KjAXWKZtgK3rIlw3rIldrDJOXIeUHY:Ym6RzKRihjFItPbIKbIrVOX5U4
                                                                                                                                                                                                                                                      MD5:5786F27F0C07CB551341F010D887DD2D
                                                                                                                                                                                                                                                      SHA1:51AC3CF89836B5E9623760DCEAAB2CB9075CFA56
                                                                                                                                                                                                                                                      SHA-256:098755B825D7AA66388A6EE34CCC7A0B597070309471520834A8A71E2DC17DC2
                                                                                                                                                                                                                                                      SHA-512:BA66490DE5D41107559B66D5D5374625BFA2A9D2ECDF16B3323B7109FF924DA9186051DA1B10F408575DE783C9CB3BF0E3096C5E7316842AF8526D250F9396FA
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:{"dir_info": {}, "url": "file:///C:/Users/Admin68/Downloads/empyrean-main/empyrean-main/build/pyinstaller-5.1"}
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):360
                                                                                                                                                                                                                                                      Entropy (8bit):4.529432579272841
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:1VkKXL0DjyXLfUynXLEB85AQFXLHHVtAcRNnXLAX2OXFnXLLMi:1qKXIyXLpXg4hX7VtdFXsX2OXFnXMi
                                                                                                                                                                                                                                                      MD5:E15B5909D49DAB451BEB91C31B9732BF
                                                                                                                                                                                                                                                      SHA1:83A5F4EFEF9C91101FA2E7AC0CBED17FE9282145
                                                                                                                                                                                                                                                      SHA-256:933880B425B47C933547830B21387BA2144517BCA3638B213A88F4E3441DBD02
                                                                                                                                                                                                                                                      SHA-512:AE280B4B217AA95D7275B58DC73E7586C1999DC363A0B83E7CA350207541F13B18F30B2BB634EB4BA2F4C191940B5CCC7FC201024000E4FD28431AE6C4A69617
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:[console_scripts].pyi-archive_viewer = PyInstaller.utils.cliutils.archive_viewer:run.pyi-bindepend = PyInstaller.utils.cliutils.bindepend:run.pyi-grab_version = PyInstaller.utils.cliutils.grab_version:run.pyi-makespec = PyInstaller.utils.cliutils.makespec:run.pyi-set_version = PyInstaller.utils.cliutils.set_version:run.pyinstaller = PyInstaller.__main__:run.
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):12
                                                                                                                                                                                                                                                      Entropy (8bit):3.418295834054489
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:rLWTXvn:f8Xvn
                                                                                                                                                                                                                                                      MD5:0A28E8E758F80C4B73AFD9DBEF9F96DD
                                                                                                                                                                                                                                                      SHA1:10072E4EC58C0E15D5A62FD256AC9D7BC6A28BCB
                                                                                                                                                                                                                                                      SHA-256:1AE466BD65C64D124D6262B989618E82536FE0BDDBCBB60A68488AC9C359E174
                                                                                                                                                                                                                                                      SHA-512:38D7A1B6198701708F90750C9D82390A150972FB898FC91C825FF6F6FE2A560B3BCC381A388BB7FE5DFAE63550BEC2A6A7CFED1390E620A5B2A559726C1439E5
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:PyInstaller.
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):64896
                                                                                                                                                                                                                                                      Entropy (8bit):6.101810529421494
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:Y88LeBLeeFtp5V1BfO2yvSk70QZF1nEyjnskQkr/RFB1qucwdBeCw0myou6ZwJq9:Y8wewnvtjnsfwERI7Q0L7SyCPx
                                                                                                                                                                                                                                                      MD5:C17B7A4B853827F538576F4C3521C653
                                                                                                                                                                                                                                                      SHA1:6115047D02FBBAD4FF32AFB4EBD439F5D529485A
                                                                                                                                                                                                                                                      SHA-256:D21E60F3DFBF2BAB0CC8A06656721FA3347F026DF10297674FC635EBF9559A68
                                                                                                                                                                                                                                                      SHA-512:8E08E702D69DF6840781D174C4565E14A28022B40F650FDA88D60172BE2D4FFD96A3E9426D20718C54072CA0DA27E0455CC0394C098B75E062A27559234A3DF7
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1513336
                                                                                                                                                                                                                                                      Entropy (8bit):7.992007410704943
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:24576:3mhx0O5yMVUEV51zVZ/7KqaI0jVSn/OCNYLfUehwHqDdt9OJzoCr2TAY/f+TNX56:3mT0OjUK51xZ/7s6GDwKDD9OJEwsAE2C
                                                                                                                                                                                                                                                      MD5:69D4F13FBAEEE9B551C2D9A4A94D4458
                                                                                                                                                                                                                                                      SHA1:69540D8DFC0EE299A7FF6585018C7DB0662AA629
                                                                                                                                                                                                                                                      SHA-256:801317463BD116E603878C7C106093BA7DB2BECE11E691793E93065223FC7046
                                                                                                                                                                                                                                                      SHA-512:8E632F141DAF44BC470F8EE677C6F0FDCBCACBFCE1472D928576BF7B9F91D6B76639D18E386D5E1C97E538A8FE19DD2D22EA47AE1ACF138A0925E3C6DD156378
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):198144
                                                                                                                                                                                                                                                      Entropy (8bit):7.899184952490433
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6144:irs7d9ovn0ICgOdewE9SJy9sZQ3KfmPpd:b59ovn0IC1yl3xPpd
                                                                                                                                                                                                                                                      MD5:9051ABAE01A41EA13FEBDEA7D93470C0
                                                                                                                                                                                                                                                      SHA1:B06BD4CD4FD453EB827A108E137320D5DC3A002F
                                                                                                                                                                                                                                                      SHA-256:F12C8141D4795719035C89FF459823ED6174564136020739C106F08A6257B399
                                                                                                                                                                                                                                                      SHA-512:58D8277EC4101AD468DD8C4B4A9353AB684ECC391E5F9DB37DE44D5C3316C17D4C7A5FFD547CE9B9A08C56E3DD6D3C87428EAE12144DFB72FC448B0F2CFC47DA
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):64000
                                                                                                                                                                                                                                                      Entropy (8bit):7.542185527581843
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:k2xBKwcTFzoNwouLGtUHhYrn/irawXffuJm8ei:kaBKwGOwoKGtUHhsnalvfuTe
                                                                                                                                                                                                                                                      MD5:6F2AA8FA02F59671F99083F9CEF12CDA
                                                                                                                                                                                                                                                      SHA1:9FD0716BCDE6AC01CD916BE28AA4297C5D4791CD
                                                                                                                                                                                                                                                      SHA-256:1A15D98D4F9622FA81B60876A5F359707A88FBBBAE3AE4E0C799192C378EF8C6
                                                                                                                                                                                                                                                      SHA-512:F5D5112E63307068CDB1D0670FE24B65A9F4942A39416F537BDBC17DEDFD99963861BF0F4E94299CDCE874816F27B3D86C4BEBB889C3162C666D5EE92229C211
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):24952
                                                                                                                                                                                                                                                      Entropy (8bit):7.398475586533855
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:wm71gl6dfHKsz8nUxaVXALcTwI77G26hMWIYiSy1pCQ0AA7Pxh8E9VF0Nym5ty:/1gl65HKXzTwI77G2BYiSyv87PxWEgC
                                                                                                                                                                                                                                                      MD5:72009CDE5945DE0673A11EFB521C8CCD
                                                                                                                                                                                                                                                      SHA1:BDDB47AC13C6302A871A53BA303001837939F837
                                                                                                                                                                                                                                                      SHA-256:5AAA15868421A46461156E7817A69EEEB10B29C1E826A9155B5F8854FACF3DCA
                                                                                                                                                                                                                                                      SHA-512:D00A42700C9201F23A44FD9407FEA7EA9DF1014C976133F33FF711150727BF160941373D53F3A973F7DD6CA7B5502E178C2B88EA1815CA8BCE1A239ED5D8256D
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):623480
                                                                                                                                                                                                                                                      Entropy (8bit):7.993548202681751
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:12288:qZNIrMyJHzTarSwdWd5Xhm/27cz5hQYuHDiL1IcUq4P8ryHn5+8yjz:2NPsHzTaWwdS5xV70QYMDiCc34e8nI8+
                                                                                                                                                                                                                                                      MD5:B70D218798C0FEC39DE1199C796EBCE8
                                                                                                                                                                                                                                                      SHA1:73B9F8389706790A0FEC3C7662C997D0A238A4A0
                                                                                                                                                                                                                                                      SHA-256:4830E8D4AE005A73834371FE7BB5B91CA8A4C4C3A4B9A838939F18920F10FAFF
                                                                                                                                                                                                                                                      SHA-512:2EDE15CC8A229BFC599980CE7180A7A3C37C0264415470801CF098EF4DAC7BCF857821F647614490C1B0865882619A24E3AC0848B5AEA1796FAD054C0DD6F718
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1016584
                                                                                                                                                                                                                                                      Entropy (8bit):6.669319438805479
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24576:VkmZDEMHhp9v1Ikbn3ND0TNVOsIut8P4zmxvSZX0yplkA:mmZFHhp9v1Io3h0TN3pvkA
                                                                                                                                                                                                                                                      MD5:0E0BAC3D1DCC1833EAE4E3E4CF83C4EF
                                                                                                                                                                                                                                                      SHA1:4189F4459C54E69C6D3155A82524BDA7549A75A6
                                                                                                                                                                                                                                                      SHA-256:8A91052EF261B5FBF3223AE9CE789AF73DFE1E9B0BA5BDBC4D564870A24F2BAE
                                                                                                                                                                                                                                                      SHA-512:A45946E3971816F66DD7EA3788AACC384A9E95011500B458212DC104741315B85659E0D56A41570731D338BDF182141C093D3CED222C007038583CEB808E26FD
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):294784
                                                                                                                                                                                                                                                      Entropy (8bit):7.987306847288753
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6144:XudZUEjoXwDrGv4qJBd4R0u3FIp6O4LMHS+OsfW/+vzoFZ:MGEjyirGd+f3FIp7eMHS+CUUT
                                                                                                                                                                                                                                                      MD5:CA3BAEBF8725C7D785710F1DFBB2736D
                                                                                                                                                                                                                                                      SHA1:8F9AEC2732A252888F3873967D8CC0139FF7F4E5
                                                                                                                                                                                                                                                      SHA-256:F2D03A39556491D1ACE63447B067B38055F32F5F1523C01249BA18052C599B4C
                                                                                                                                                                                                                                                      SHA-512:5C2397E4DCB361A154CD3887C229BCF7EF980ACBB4B851A16294D5DF6245B2615CC4B42F6A95CF1D3C49B735C2F7025447247D887CCF4CD964F19F14E4533470
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):49664
                                                                                                                                                                                                                                                      Entropy (8bit):7.834375167131465
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:lLHqNUpP9700eM3qeU4NWAXcnLim2sp94osOk7OPBBho8rzspYJP0Wgze:lLzrSeUGQLi+5sOt5Bbzs2Cze
                                                                                                                                                                                                                                                      MD5:561F419A2B44158646EE13CD9AF44C60
                                                                                                                                                                                                                                                      SHA1:93212788DE48E0A91E603D74F071A7C8F42FE39B
                                                                                                                                                                                                                                                      SHA-256:631465DA2A1DAD0CB11CD86B14B4A0E4C7708D5B1E8D6F40AE9E794520C3AAF7
                                                                                                                                                                                                                                                      SHA-512:D76AB089F6DC1BEFFD5247E81D267F826706E60604A157676E6CBC3B3447F5BCEE66A84BF35C21696C020362FADD814C3E0945942CDC5E0DFE44C0BCA169945C
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):152576
                                                                                                                                                                                                                                                      Entropy (8bit):7.9721137465367
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3072:jA+IckcVeE911B9PROpB23W4Ukx0xluxTZ/7cpltdYwT7VbbDAH:k5cv91jtROLH4n0xluxIlTF
                                                                                                                                                                                                                                                      MD5:63ED2B5247381E04868B2362AB6CA3F0
                                                                                                                                                                                                                                                      SHA1:804963B6F433CCB298B5D0B284CDDE63B0DEC388
                                                                                                                                                                                                                                                      SHA-256:353D17F47E6EB8691F5C431B2526B468B28D808CBEE83F8F0D4B5C809728325E
                                                                                                                                                                                                                                                      SHA-512:8C9148C1ED8F1A6ECD51B8D1C6DC3B0B96DC6828EFC0C6B8652872D9D4FEEB5704CDCCD43FD23F71A9E995733CC3A8B352BCB4B8BB59F05F596CEBDAA5C29966
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):52736
                                                                                                                                                                                                                                                      Entropy (8bit):7.733565165052535
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:E9uTkXr2LgA+Q0/W25PVt9sjTQaFoJ7e3eDvfabM:YXXr2ga0BVtmFyJiuD3a
                                                                                                                                                                                                                                                      MD5:B386EB9F697DE442C4D6E426D7973706
                                                                                                                                                                                                                                                      SHA1:0CA2E62BCCC709092A5AC4284E4AB44339917805
                                                                                                                                                                                                                                                      SHA-256:4377B52E95E1A82E77D3B0E6D19706D4C064F90EF3D05F4D05D5D8131F4EBABD
                                                                                                                                                                                                                                                      SHA-512:25E91A0C1DAC2D7E7D9E2E0425B5A8AE0114B1F1D25558117864ED95F9A526435835EE58DFD50DE0C05A63519F19BFC538D09DDDE4E0B4672F8B08773B8F8F9B
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):14848
                                                                                                                                                                                                                                                      Entropy (8bit):7.082172460598222
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:46KwMJFoeBJ4qCKU7xe+16ufjIS0hnUxaVXALOI1B1r:47wMJFoenUk/uf8dWBN
                                                                                                                                                                                                                                                      MD5:E37A3CD90CFCC9A7D8002EFEC8E44138
                                                                                                                                                                                                                                                      SHA1:3EB7D0E10193E41215B0E5B7C94C1B660189162A
                                                                                                                                                                                                                                                      SHA-256:8B03D36BB3DA3CEA74FBC1FE4749E3187B1F72839C211CE1A0256B42B4B9B8C1
                                                                                                                                                                                                                                                      SHA-512:A3022230F1A89ED3C3B03B17CA12991E61C29E4AE22EACEA6D700A3B8A325DCF6C8D7CC7293D2FF11941E37C4DBE0B1B5DF1DDC006F72B4DA448170653B7DDCD
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):279040
                                                                                                                                                                                                                                                      Entropy (8bit):7.864533071557196
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6144:iBjVLw7ShElYer9fB/YSYVye4ZgWJRi/tPUivxJSRYpnRlhG:iBpLwGalYU9fhYVd2gmi/tPUIWRsRlhG
                                                                                                                                                                                                                                                      MD5:0EBD9CB6234A1C9D90F29E17A74A6E4C
                                                                                                                                                                                                                                                      SHA1:2FB9488CACFB2625D7ED682559DAC5CAEB789F3A
                                                                                                                                                                                                                                                      SHA-256:5BBA9608D364E79ED444666B8CF9E609C59D3BCC94AAB0435899E42CCCF9F566
                                                                                                                                                                                                                                                      SHA-512:B7229699EAA1355A8BB533133905745C5D967020A8431824460D3D267DDDD9892B2CF1582856A048B2E4F331FA43A24408D3FA27A82098F642EB64F906C76FE6
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):41472
                                                                                                                                                                                                                                                      Entropy (8bit):7.860994414647209
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:2/Ogitr1CeAulCMAuMS+GhCQqrsiQSex87XzvGhqqjFTFx7eg:2titBDrfAuFn1W7XKhD/FL
                                                                                                                                                                                                                                                      MD5:69FDB1D4E6B7B137E1EE239A73BB5412
                                                                                                                                                                                                                                                      SHA1:4BB0ACAAC25DED9135969E0B54E25A45FBF32A42
                                                                                                                                                                                                                                                      SHA-256:AEADBE2A50E0918704C3BCDDF2F3D3382DE1FA477EBCE17D85643D648A051F25
                                                                                                                                                                                                                                                      SHA-512:2BC5E4464AB88737B948A6B9998901AF55C3E9AC0391911F522DB5F7EE01222071BF010C655582763F67A37992B2221EA3F96ACAE6BAA9F63B367FFBFADBE057
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):196608
                                                                                                                                                                                                                                                      Entropy (8bit):1.1216922126537057
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:72qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8MaQpY54tZ7YTrMD:72qOB1nxCkvSAELyKOMq+8mKQ0M
                                                                                                                                                                                                                                                      MD5:7F784E8E9051D8E70834C231AE5CC670
                                                                                                                                                                                                                                                      SHA1:FA92DDE2E8DD8599EA458CC8488123CB60AD0DC1
                                                                                                                                                                                                                                                      SHA-256:1CEE1D9084D2C05B68B40073E4E6FE380128B61988409D60A9F5CBFD7AE964F6
                                                                                                                                                                                                                                                      SHA-512:A054A1E0F3289F4CCD25F01A81C0B3471A2CA8243E76ADD24D105A4141FBC534D20CE913A796474FB17754AB3B87C56679B8962FB860060B23F467601043EEA7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                                                      Entropy (8bit):0.6732424250451717
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                                                                                                                      MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                                                                                                                      SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                                                                                                                      SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                                                                                                                      SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):155648
                                                                                                                                                                                                                                                      Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                                                      MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                                                      SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                                                      SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                                                      SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                                                                                                      Entropy (8bit):2.0
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:qn:qn
                                                                                                                                                                                                                                                      MD5:3F1D1D8D87177D3D8D897D7E421F84D6
                                                                                                                                                                                                                                                      SHA1:DD082D742A5CB751290F1DB2BD519C286AA86D95
                                                                                                                                                                                                                                                      SHA-256:F02285FB90ED8C81531FE78CF4E2ABB68A62BE73EE7D317623E2C3E3AEFDFFF2
                                                                                                                                                                                                                                                      SHA-512:2AE2B3936F31756332CA7A4B877D18F3FCC50E41E9472B5CD45A70BEA82E29A0FA956EE6A9EE0E02F23D9DB56B41D19CB51D88AAC06E9C923A820A21023752A9
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:blat
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):51200
                                                                                                                                                                                                                                                      Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                                                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                                                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                                                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                                                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\r-c.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):19396338
                                                                                                                                                                                                                                                      Entropy (8bit):7.99802320187103
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:393216:4qPnLFXlrPrQ8DOETgs77fGygPZvEXwYCyq:pPLFXNjQhE73aOX4
                                                                                                                                                                                                                                                      MD5:EB7E5E0BEDBCEC68E54C6F4CA1FD5934
                                                                                                                                                                                                                                                      SHA1:BEE2C4A08D217C264F802E57BA30299E0198730A
                                                                                                                                                                                                                                                      SHA-256:C3B3126C07765F3EE19B75ED89A5E0E3B8A10D5C689592AEF6CA1D0B15DDEFC1
                                                                                                                                                                                                                                                      SHA-512:2BB957790A52D9C826B17D46676357A883967079DC4FA2E7DF97C0FFB0F97AF81DB05BC62D10817E7A2463B081B6A1A353DD5E56F13071A9038839489499C2C7
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Yara Hits:
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_DiscordTokenStealer_1, Description: Yara detected Discord Token Stealer, Source: C:\Users\user\AppData\Local\Temp\main.exe, Author: Joe Security
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):176
                                                                                                                                                                                                                                                      Entropy (8bit):4.713840781302666
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:S3yE25MOWrYXtHVE/DRFrgm5/gvJgXDLAUDA+ERo6+aEYqVS1f6gq1WGgVSBn:S3mSOWWHVUDjrgmxgRgzLXDA6Va8VeuR
                                                                                                                                                                                                                                                      MD5:8C7CA775CF482C6027B4A2D3DB0F6A31
                                                                                                                                                                                                                                                      SHA1:E3596A87DD6E81BA7CF43B0E8E80DA5BC823EA1A
                                                                                                                                                                                                                                                      SHA-256:52C72CF96B12AE74D84F6C049775DA045FAE47C007DC834CA4DAC607B6F518EA
                                                                                                                                                                                                                                                      SHA-512:19C7D229723249885B125121B3CC86E8C571360C1FB7F2AF92B251E6354A297B4C2B9A28E708F2394CA58C35B20987F8B65D9BD6543370F063BBD59DB4A186AC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:# Generated file - this directory may be deleted to reset the COM cache.....import win32com..if __path__[:-1] != win32com.__gen_path__: __path__.append(win32com.__gen_path__)..
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):10
                                                                                                                                                                                                                                                      Entropy (8bit):2.7219280948873625
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:qW6:qW6
                                                                                                                                                                                                                                                      MD5:2C7344F3031A5107275CE84AED227411
                                                                                                                                                                                                                                                      SHA1:68ACAD72A154CBE8B2D597655FF84FD31D57C43B
                                                                                                                                                                                                                                                      SHA-256:83CDA9FECC9C008B22C0C8E58CBCBFA577A3EF8EE9B2F983ED4A8659596D5C11
                                                                                                                                                                                                                                                      SHA-512:F58362C70A2017875D231831AE5868DF22D0017B00098A28AACB5753432E8C4267AA7CBF6C5680FEB2DC9B7ABADE5654C3651685167CC26AA208A9EB71528BB6
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..K....}..
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):407
                                                                                                                                                                                                                                                      Entropy (8bit):5.885648452677226
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:5jyyo/6qa3rb4xbEov3r4UDIZt3bqvJk2n4QRS55VI+RjeUTVxljyyo/6ItoR+l+:5jyn/W7MJ74CiJbwJkA8vj3wn/pAa+
                                                                                                                                                                                                                                                      MD5:B6E4280E6C39FF4B9CAD2C673AAAD865
                                                                                                                                                                                                                                                      SHA1:FF435666016B4C3DA8C4D1AF0885D9ABBCD445A2
                                                                                                                                                                                                                                                      SHA-256:4F1EAACE772BFF905B72EA451E3C886840055589C63F3033AE24727A4EAA3D8D
                                                                                                                                                                                                                                                      SHA-512:FFA721C5C3F8A9E18D69F81490F7682250D9FBD4D88573F0A1F90814CCC07B917D14267C89A61E823A282A1DA54A1203D096D6F27900967921936B307B3A4AED
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:PK........9PdZB2..............cookies.txt.google.com.TRUE./.FALSE.13343648886482443.1P_JAR.2023-10-06-09...google.com.TRUE./.FALSE.13356868085482489.NID.511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8PK..........9PdZB2............................cookies.txtPK..........9...H.....
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):287
                                                                                                                                                                                                                                                      Entropy (8bit):5.860892260961956
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:Pk3rb4xbEov3r4UDIZt3bqvJk2n4QRS55VI+RjeUTn:c7MJ74CiJbwJkA8vjj
                                                                                                                                                                                                                                                      MD5:F60007CADC4D30718621E10E7618A3B2
                                                                                                                                                                                                                                                      SHA1:49B6589E4749A36B83A50470D7AA95B7C8A6EB9A
                                                                                                                                                                                                                                                      SHA-256:F037846A72AC6A6DDFC7888905AEFEF95339665BFB20E01358E948A66DC1BE4C
                                                                                                                                                                                                                                                      SHA-512:E1F5B5607FBB2500392CFA1BDA6AF4B20C4A2BF1C0E041CAB6C4BD303A8654AB0495EF45A5AA5CBCCE378F58FBC130998D22D962AEAB2BDCF6E3B46F9B4ED562
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.google.com.TRUE./.FALSE.13343648886482443.1P_JAR.2023-10-06-09...google.com.TRUE./.FALSE.13356868085482489.NID.511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):155648
                                                                                                                                                                                                                                                      Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                                                      MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                                                      SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                                                      SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                                                      SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):19396338
                                                                                                                                                                                                                                                      Entropy (8bit):7.99802320187103
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:393216:4qPnLFXlrPrQ8DOETgs77fGygPZvEXwYCyq:pPLFXNjQhE73aOX4
                                                                                                                                                                                                                                                      MD5:EB7E5E0BEDBCEC68E54C6F4CA1FD5934
                                                                                                                                                                                                                                                      SHA1:BEE2C4A08D217C264F802E57BA30299E0198730A
                                                                                                                                                                                                                                                      SHA-256:C3B3126C07765F3EE19B75ED89A5E0E3B8A10D5C689592AEF6CA1D0B15DDEFC1
                                                                                                                                                                                                                                                      SHA-512:2BB957790A52D9C826B17D46676357A883967079DC4FA2E7DF97C0FFB0F97AF81DB05BC62D10817E7A2463B081B6A1A353DD5E56F13071A9038839489499C2C7
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Yara Hits:
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_DiscordTokenStealer_1, Description: Yara detected Discord Token Stealer, Source: C:\Users\user\AppData\Roaming\empyrean\dat.txt, Author: Joe Security
                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................@.....@.-...@.......H.......................@.........................Rich............PE..d....G*f..........".... .....Z.................@.............................0........(...`.................................................$...x.... ........... ........... ..T.......................................@............................................text............................... ..`.rdata...(.......*..................@..@.data...............................@....pdata... ......."..................@..@_RDATA..\...........................@..@.rsrc........ ......................@..@.reloc..T.... ......................@..B................................................................................................................................................................................................................
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):62
                                                                                                                                                                                                                                                      Entropy (8bit):4.596441318977455
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:mKDDVEONT6ckEaKC53KGdRn:hy+RNaZ56GTn
                                                                                                                                                                                                                                                      MD5:B5A17A2553250665B6077B56CA5A1AD8
                                                                                                                                                                                                                                                      SHA1:FCF7E398C8ACDFFA3E5D620F78FF2A015E501A8A
                                                                                                                                                                                                                                                      SHA-256:33B5F9D7C0D4904B5C4531D882171C564586AB290D7C3B4347B48AB818B0A36A
                                                                                                                                                                                                                                                      SHA-512:088B3C0B376C4EDD0C3F1E322AE04DA82E86BED2BAACDFE7BF85894B4AEBA5E7D15ED4529D540C9BEDF145E724D0F94685725B49D97588EDB3A7E36F30705EA3
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:@echo off..call C:\Users\user\AppData\Roaming\empyrean\dat.txt
                                                                                                                                                                                                                                                      Process:C:\Windows\System32\reg.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF, CR line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):40
                                                                                                                                                                                                                                                      Entropy (8bit):4.237326145256008
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:bqX4LxGT82AGN8cyn:bqX4E8NGN8Rn
                                                                                                                                                                                                                                                      MD5:13015015DD907D28996153DF14881252
                                                                                                                                                                                                                                                      SHA1:532C595BAAE0A027D02D1B28D7B83D57350A310E
                                                                                                                                                                                                                                                      SHA-256:4499283166530CE395CBC12677FEF2BD52759EACDCC5BDDE56C039B1A2E99C0B
                                                                                                                                                                                                                                                      SHA-512:B81FB62AB27E7722BFCB386766FFA1D1EBA05B8B03CD5D2160BB2570F87568381D923AC75017D785E1DEC1685769023727F4280E27C2A69CDE69772CA62E2A92
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:The operation completed successfully....
                                                                                                                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                      Entropy (8bit):7.999672647446733
                                                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                      File name:r-c.exe
                                                                                                                                                                                                                                                      File size:19'429'442 bytes
                                                                                                                                                                                                                                                      MD5:1d6d97b36099b4e87dcd33a1a0adfed1
                                                                                                                                                                                                                                                      SHA1:857dfa58a5f027d1db1e74ca1adfa3407ea544b8
                                                                                                                                                                                                                                                      SHA256:54991e9a08dab7c7c46738227f2ff25f5f29f69f02e264cf7df4c7ea05a47d04
                                                                                                                                                                                                                                                      SHA512:9d548846c0a922179118d3ce84bae03096314ea84294bc8ade7ec76e684c83d192b4eeb98bc0a6ca6a217eb9f936ae46f84937132574f6a42e7351794ec379ed
                                                                                                                                                                                                                                                      SSDEEP:393216:fL/DWLqd8hEhdBe2TYNToMU7/g6Wv3CKsydLfe/HgM:HWed8qVe2TwMX+n3LfegM
                                                                                                                                                                                                                                                      TLSH:901733F057DD0650C48A5E796C5FCCBB025AEE8931D53848A2E3CF38BB67777194AA80
                                                                                                                                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3(..RF..RF..RF.*]...RF..RG.pRF.*]...RF..qv..RF..T@..RF.Rich.RF.........................PE..L...oy.V.................`.........
                                                                                                                                                                                                                                                      Icon Hash:930f9bd2d2829796
                                                                                                                                                                                                                                                      Entrypoint:0x40310d
                                                                                                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                                                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                                                                      DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                      Time Stamp:0x567F796F [Sun Dec 27 05:38:55 2015 UTC]
                                                                                                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                                                                      OS Version Major:4
                                                                                                                                                                                                                                                      OS Version Minor:0
                                                                                                                                                                                                                                                      File Version Major:4
                                                                                                                                                                                                                                                      File Version Minor:0
                                                                                                                                                                                                                                                      Subsystem Version Major:4
                                                                                                                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                                                                                                                      Import Hash:29b61e5a552b3a9bc00953de1c93be41
                                                                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                                                                      sub esp, 00000180h
                                                                                                                                                                                                                                                      push ebx
                                                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                                                      push esi
                                                                                                                                                                                                                                                      push edi
                                                                                                                                                                                                                                                      xor ebx, ebx
                                                                                                                                                                                                                                                      push 00008001h
                                                                                                                                                                                                                                                      mov dword ptr [esp+1Ch], ebx
                                                                                                                                                                                                                                                      mov dword ptr [esp+14h], 00409188h
                                                                                                                                                                                                                                                      xor esi, esi
                                                                                                                                                                                                                                                      mov byte ptr [esp+18h], 00000020h
                                                                                                                                                                                                                                                      call dword ptr [004070B4h]
                                                                                                                                                                                                                                                      call dword ptr [004070B0h]
                                                                                                                                                                                                                                                      cmp ax, 00000006h
                                                                                                                                                                                                                                                      je 00007F52A4C8BB73h
                                                                                                                                                                                                                                                      push ebx
                                                                                                                                                                                                                                                      call 00007F52A4C8E949h
                                                                                                                                                                                                                                                      cmp eax, ebx
                                                                                                                                                                                                                                                      je 00007F52A4C8BB69h
                                                                                                                                                                                                                                                      push 00000C00h
                                                                                                                                                                                                                                                      call eax
                                                                                                                                                                                                                                                      push 0040917Ch
                                                                                                                                                                                                                                                      call 00007F52A4C8E8CAh
                                                                                                                                                                                                                                                      push 00409174h
                                                                                                                                                                                                                                                      call 00007F52A4C8E8C0h
                                                                                                                                                                                                                                                      push 00409168h
                                                                                                                                                                                                                                                      call 00007F52A4C8E8B6h
                                                                                                                                                                                                                                                      push 0000000Dh
                                                                                                                                                                                                                                                      Programming Language:
                                                                                                                                                                                                                                                      • [EXP] VC++ 6.0 SP5 build 8804
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x74d8           0xa0          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x37000          0x2ca8        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x7000           0x280         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity      File Type  Entropy             Characteristics
.text   0x1000           0x5e3c        0x6000    1a13b408c917b27c9106545148d3b8d3  False     0.6686197916666666   data       6.432295288512854   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  0x7000           0x126a        0x1400    921acf8cb0aea87c0603fa899765fcc2  False     0.43359375           data       5.00588726544978    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0x9000           0x25d38       0x600     797517c6ef57aa95d53df2cf07568953  False     0.474609375          data       4.291756049727371   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata  0x2f000          0x8000        0x0       d41d8cd98f00b204e9800998ecf8427e  False     0                    empty      0.0                 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   0x37000          0x2ca8        0x2e00    4c198f4f735819051bb35710745a8078  False     0.11319633152173914  data       1.6505873700699298  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name           RVA      Size    Type                                                                                                Language  Country        ZLIB Complexity
RT_ICON        0x37190  0x25a8  Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m       English   United States  0.049066390041493775
RT_DIALOG      0x39738  0x100   data                                                                                                English   United States  0.5234375
RT_DIALOG      0x39838  0x11c   data                                                                                                English   United States  0.6056338028169014
RT_DIALOG      0x39958  0x60    data                                                                                                English   United States  0.7291666666666666
RT_GROUP_ICON  0x399b8  0x14    data                                                                                                English   United States  1.15
RT_MANIFEST    0x399d0  0x2d7   XML 1.0 document, ASCII text, with very long lines (727), with no line terminators                  English   United States  0.562585969738652
DLL           Import
KERNEL32.dll  SetFileAttributesA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CompareFileTime, SearchPathA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, CreateDirectoryA, lstrcmpiA, GetCommandLineA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, LoadLibraryA, SetFileTime, CloseHandle, GlobalFree, lstrcmpA, ExpandEnvironmentStringsA, GetExitCodeProcess, GlobalAlloc, WaitForSingleObject, GetWindowsDirectoryA, GetTempPathA, GetProcAddress, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, ReadFile, FindClose, GetPrivateProfileStringA, WritePrivateProfileStringA, WriteFile, MulDiv, LoadLibraryExA, GetModuleHandleA, MultiByteToWideChar, FreeLibrary
USER32.dll    GetWindowRect, EnableMenuItem, GetSystemMenu, ScreenToClient, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetForegroundWindow, PostQuitMessage, RegisterClassA, EndDialog, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, DestroyWindow, OpenClipboard, TrackPopupMenu, SendMessageTimeoutA, GetDC, LoadImageA, GetDlgItem, FindWindowExA, IsWindow, SetClipboardData, SetWindowLongA, EmptyClipboard, SetTimer, CreateDialogParamA, wsprintfA, ShowWindow, SetWindowTextA
GDI32.dll     SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll   SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA
ADVAPI32.dll  RegDeleteValueA, SetFileSecurityA, RegOpenKeyExA, RegDeleteKeyA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll  ImageList_Create, ImageList_Destroy, ImageList_AddMasked
ole32.dll     OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system  Country where language is spoken  Map
English                         United States
Timestamp                        SID      Signature                                          Severity  Source IP     Source Port  Dest IP       Dest Port  Protocol
2025-03-04T16:01:46.803666+0100  2036383  ET MALWARE Common RAT Connectivity Check Observed  1         192.168.2.16  49698        208.95.112.1  80         TCP
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                                                                                                                                                                                      Mar 4, 2025 16:01:54.022006989 CET44349707185.199.111.133192.168.2.16
                                                                                                                                                                                                                                                      Mar 4, 2025 16:01:54.022089005 CET49707443192.168.2.16185.199.111.133
                                                                                                                                                                                                                                                      Mar 4, 2025 16:01:54.032825947 CET49707443192.168.2.16185.199.111.133
                                                                                                                                                                                                                                                      Mar 4, 2025 16:01:54.032850027 CET44349707185.199.111.133192.168.2.16
                                                                                                                                                                                                                                                      Mar 4, 2025 16:01:54.491429090 CET44349707185.199.111.133192.168.2.16
                                                                                                                                                                                                                                                      Mar 4, 2025 16:01:54.491905928 CET49707443192.168.2.16185.199.111.133
                                                                                                                                                                                                                                                      Mar 4, 2025 16:01:54.491931915 CET44349707185.199.111.133192.168.2.16
                                                                                                                                                                                                                                                      Mar 4, 2025 16:01:54.493469000 CET44349707185.199.111.133192.168.2.16
                                                                                                                                                                                                                                                      Mar 4, 2025 16:01:54.493550062 CET49707443192.168.2.16185.199.111.133
                                                                                                                                                                                                                                                      Mar 4, 2025 16:01:54.494009972 CET49707443192.168.2.16185.199.111.133
                                                                                                                                                                                                                                                      Mar 4, 2025 16:01:54.494154930 CET49707443192.168.2.16185.199.111.133
                                                                                                                                                                                                                                                      Mar 4, 2025 16:01:54.494157076 CET44349707185.199.111.133192.168.2.16
                                                                                                                                                                                                                                                      Mar 4, 2025 16:01:54.494224072 CET49707443192.168.2.16185.199.111.133
                                                                                                                                                                                                                                                      Mar 4, 2025 16:02:00.680484056 CET49712443192.168.2.16104.16.124.96
                                                                                                                                                                                                                                                      Mar 4, 2025 16:02:00.680525064 CET44349712104.16.124.96192.168.2.16
                                                                                                                                                                                                                                                      Mar 4, 2025 16:02:00.680677891 CET49712443192.168.2.16104.16.124.96
                                                                                                                                                                                                                                                      Mar 4, 2025 16:02:00.691085100 CET49712443192.168.2.16104.16.124.96
                                                                                                                                                                                                                                                      Mar 4, 2025 16:02:00.691117048 CET44349712104.16.124.96192.168.2.16
                                                                                                                                                                                                                                                      Mar 4, 2025 16:02:01.178908110 CET44349712104.16.124.96192.168.2.16
                                                                                                                                                                                                                                                      Mar 4, 2025 16:02:01.179275036 CET49712443192.168.2.16104.16.124.96
                                                                                                                                                                                                                                                      Mar 4, 2025 16:02:01.179287910 CET44349712104.16.124.96192.168.2.16
                                                                                                                                                                                                                                                      Mar 4, 2025 16:02:01.180301905 CET44349712104.16.124.96192.168.2.16
                                                                                                                                                                                                                                                      Mar 4, 2025 16:02:01.180721045 CET49712443192.168.2.16104.16.124.96
                                                                                                                                                                                                                                                      Mar 4, 2025 16:02:01.180985928 CET49712443192.168.2.16104.16.124.96
                                                                                                                                                                                                                                                      Mar 4, 2025 16:02:01.181119919 CET49712443192.168.2.16104.16.124.96
                                                                                                                                                                                                                                                      Mar 4, 2025 16:02:14.089756012 CET496998848192.168.2.1627.70.212.17
                                                                                                                                                                                                                                                      Mar 4, 2025 16:02:14.163723946 CET88484969927.70.212.17192.168.2.16
                                                                                                                                                                                                                                                      Mar 4, 2025 16:02:39.165815115 CET496998848192.168.2.1627.70.212.17
                                                                                                                                                                                                                                                      Mar 4, 2025 16:02:39.170769930 CET88484969927.70.212.17192.168.2.16
                                                                                                                                                                                                                                                      Mar 4, 2025 16:02:56.814289093 CET8049698208.95.112.1192.168.2.16
                                                                                                                                                                                                                                                      Mar 4, 2025 16:02:56.814414024 CET4969880192.168.2.16208.95.112.1
                                                                                                                                                                                                                                                      Mar 4, 2025 16:03:04.179994106 CET496998848192.168.2.1627.70.212.17
                                                                                                                                                                                                                                                      Mar 4, 2025 16:03:04.185067892 CET88484969927.70.212.17192.168.2.16
                                                                                                                                                                                                                                                      Mar 4, 2025 16:03:26.784076929 CET4969880192.168.2.16208.95.112.1
                                                                                                                                                                                                                                                      Mar 4, 2025 16:03:26.789185047 CET8049698208.95.112.1192.168.2.16
                                                                                                                                                                                                                                                      Mar 4, 2025 16:03:29.197935104 CET496998848192.168.2.1627.70.212.17
                                                                                                                                                                                                                                                      Mar 4, 2025 16:03:29.203077078 CET88484969927.70.212.17192.168.2.16
                                                                                                                                                                                                                                                      Mar 4, 2025 16:03:54.219177008 CET496998848192.168.2.1627.70.212.17
                                                                                                                                                                                                                                                      Mar 4, 2025 16:03:54.224272966 CET88484969927.70.212.17192.168.2.16
                                                                                                                                                                                                                                                      Mar 4, 2025 16:04:19.226167917 CET496998848192.168.2.1627.70.212.17
                                                                                                                                                                                                                                                      Mar 4, 2025 16:04:19.234096050 CET88484969927.70.212.17192.168.2.16
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 4, 2025 16:01:46.240731955 CET | 192.168.2.16 | 1.1.1.1 | 0x4879 | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false
Mar 4, 2025 16:01:47.333208084 CET | 192.168.2.16 | 1.1.1.1 | 0xfc4f | Standard query (0) | caidume1368.ddns.net | A (IP address) | IN (0x0001) | false
Mar 4, 2025 16:01:50.920170069 CET | 192.168.2.16 | 1.1.1.1 | 0xad4 | Standard query (0) | ipapi.co | A (IP address) | IN (0x0001) | false
Mar 4, 2025 16:01:52.036211967 CET | 192.168.2.16 | 1.1.1.1 | 0xfcb5 | Standard query (0) | discord.com | A (IP address) | IN (0x0001) | false
Mar 4, 2025 16:01:54.012396097 CET | 192.168.2.16 | 1.1.1.1 | 0xc8d6 | Standard query (0) | raw.githubusercontent.com | A (IP address) | IN (0x0001) | false
Mar 4, 2025 16:02:00.672466040 CET | 192.168.2.16 | 1.1.1.1 | 0x4153 | Standard query (0) | www.cloudflare.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 4, 2025 16:01:46.249317884 CET | 1.1.1.1 | 192.168.2.16 | 0x4879 | No error (0) | ip-api.com |  | 208.95.112.1 | A (IP address) | IN (0x0001) | false
Mar 4, 2025 16:01:47.343539953 CET | 1.1.1.1 | 192.168.2.16 | 0xfc4f | No error (0) | caidume1368.ddns.net |  | 27.70.212.17 | A (IP address) | IN (0x0001) | false
Mar 4, 2025 16:01:50.927680016 CET | 1.1.1.1 | 192.168.2.16 | 0xad4 | No error (0) | ipapi.co |  | 104.26.8.44 | A (IP address) | IN (0x0001) | false
Mar 4, 2025 16:01:50.927680016 CET | 1.1.1.1 | 192.168.2.16 | 0xad4 | No error (0) | ipapi.co |  | 172.67.69.226 | A (IP address) | IN (0x0001) | false
Mar 4, 2025 16:01:50.927680016 CET | 1.1.1.1 | 192.168.2.16 | 0xad4 | No error (0) | ipapi.co |  | 104.26.9.44 | A (IP address) | IN (0x0001) | false
Mar 4, 2025 16:01:52.043473005 CET | 1.1.1.1 | 192.168.2.16 | 0xfcb5 | No error (0) | discord.com |  | 162.159.136.232 | A (IP address) | IN (0x0001) | false
Mar 4, 2025 16:01:52.043473005 CET | 1.1.1.1 | 192.168.2.16 | 0xfcb5 | No error (0) | discord.com |  | 162.159.135.232 | A (IP address) | IN (0x0001) | false
Mar 4, 2025 16:01:52.043473005 CET | 1.1.1.1 | 192.168.2.16 | 0xfcb5 | No error (0) | discord.com |  | 162.159.128.233 | A (IP address) | IN (0x0001) | false
Mar 4, 2025 16:01:52.043473005 CET | 1.1.1.1 | 192.168.2.16 | 0xfcb5 | No error (0) | discord.com |  | 162.159.138.232 | A (IP address) | IN (0x0001) | false
Mar 4, 2025 16:01:52.043473005 CET | 1.1.1.1 | 192.168.2.16 | 0xfcb5 | No error (0) | discord.com |  | 162.159.137.232 | A (IP address) | IN (0x0001) | false
Mar 4, 2025 16:01:54.019484997 CET | 1.1.1.1 | 192.168.2.16 | 0xc8d6 | No error (0) | raw.githubusercontent.com |  | 185.199.111.133 | A (IP address) | IN (0x0001) | false
Mar 4, 2025 16:01:54.019484997 CET | 1.1.1.1 | 192.168.2.16 | 0xc8d6 | No error (0) | raw.githubusercontent.com |  | 185.199.109.133 | A (IP address) | IN (0x0001) | false
Mar 4, 2025 16:01:54.019484997 CET | 1.1.1.1 | 192.168.2.16 | 0xc8d6 | No error (0) | raw.githubusercontent.com |  | 185.199.110.133 | A (IP address) | IN (0x0001) | false
Mar 4, 2025 16:01:54.019484997 CET | 1.1.1.1 | 192.168.2.16 | 0xc8d6 | No error (0) | raw.githubusercontent.com |  | 185.199.108.133 | A (IP address) | IN (0x0001) | false
Mar 4, 2025 16:02:00.679668903 CET | 1.1.1.1 | 192.168.2.16 | 0x4153 | No error (0) | www.cloudflare.com |  | 104.16.124.96 | A (IP address) | IN (0x0001) | false
Mar 4, 2025 16:02:00.679668903 CET | 1.1.1.1 | 192.168.2.16 | 0x4153 | No error (0) | www.cloudflare.com |  | 104.16.123.96 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                      • ip-api.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.16 | 49698 | 208.95.112.1 | 80 | 4360 | C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe
Timestamp | Bytes transferred | Direction | Data
Mar 4, 2025 16:01:46.259886980 CET | 144 | OUT | GET /json/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:48.0) Gecko/20100101 Firefox/48.0
Host: ip-api.com
Connection: Keep-Alive
Mar 4, 2025 16:01:46.763501883 CET | 482 | IN | HTTP/1.1 200 OK
Date: Tue, 04 Mar 2025 15:01:46 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 305
Access-Control-Allow-Origin: *
X-Ttl: 22
X-Rl: 43
                                                                                                                                                                                                                                                      Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"NY","regionName":"New York","city":"New York","zip":"10123","lat":40.7128,"lon":-74.006,"timezone":"America/Chicago","isp":"Level 3","org":"CenturyLink Communications, LLC","as":"AS3356 Level 3 Parent, LLC","query":"8.46.123.189"}



                                                                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                                                                      Start time:10:01:43
                                                                                                                                                                                                                                                      Start date:04/03/2025
                                                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\r-c.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\r-c.exe"
                                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                                      File size:19'429'442 bytes
                                                                                                                                                                                                                                                      MD5 hash:1D6D97B36099B4E87DCD33A1A0ADFED1
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:2
                                                                                                                                                                                                                                                      Start time:10:01:44
                                                                                                                                                                                                                                                      Start date:04/03/2025
                                                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe"
                                                                                                                                                                                                                                                      Imagebase:0x480000
                                                                                                                                                                                                                                                      File size:356'352 bytes
                                                                                                                                                                                                                                                      MD5 hash:180BE3F662E15DA43341827D6E54BF69
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                      • Rule: Windows_Trojan_Quasarrat_e52df647, Description: unknown, Source: 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp, Author: unknown
                                                                                                                                                                                                                                                      • Rule: Quasar_RAT_1, Description: Detects Quasar RAT, Source: 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp, Author: Florian Roth
                                                                                                                                                                                                                                                      • Rule: implant_win_quasarrat, Description: Detect QuasarRAT (reted from samples 2023-03), Source: 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp, Author: Sekoia.io
                                                                                                                                                                                                                                                      • Rule: Quasar, Description: detect Remcos in memory, Source: 00000002.00000000.1133508932.0000000000482000.00000002.00000001.01000000.00000005.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Author: Joe Security
                                                                                                                                                                                                                                                      • Rule: Windows_Trojan_Quasarrat_e52df647, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Author: unknown
                                                                                                                                                                                                                                                      • Rule: Quasar_RAT_1, Description: Detects Quasar RAT, Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Author: Florian Roth
                                                                                                                                                                                                                                                      • Rule: Quasar_RAT_2, Description: Detects Quasar RAT, Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Author: Florian Roth
                                                                                                                                                                                                                                                      • Rule: MAL_QuasarRAT_May19_1, Description: Detects QuasarRAT malware, Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Author: Florian Roth
                                                                                                                                                                                                                                                      • Rule: Vermin_Keylogger_Jan18_1, Description: Detects Vermin Keylogger, Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Author: Florian Roth
                                                                                                                                                                                                                                                      • Rule: xRAT_1, Description: Detects Patchwork malware, Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Author: Florian Roth
                                                                                                                                                                                                                                                      • Rule: CN_disclosed_20180208_KeyLogger_1, Description: Detects malware from disclosed CN malware set, Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Author: Florian Roth
                                                                                                                                                                                                                                                      • Rule: implant_win_quasarrat, Description: Detect QuasarRAT (reted from samples 2023-03), Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Author: Sekoia.io
                                                                                                                                                                                                                                                      • Rule: Quasar, Description: detect Remcos in memory, Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                                                                      • Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Author: ditekSHen
                                                                                                                                                                                                                                                      • Rule: MALWARE_Win_QuasarRAT, Description: QuasarRAT payload, Source: C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe, Author: ditekSHen
                                                                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                                                                      • Detection: 100%, Avira
                                                                                                                                                                                                                                                      • Detection: 92%, ReversingLabs
                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                      Target ID:3
                                                                                                                                                                                                                                                      Start time:10:01:44
                                                                                                                                                                                                                                                      Start date:04/03/2025
                                                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\main.exe"
                                                                                                                                                                                                                                                      Imagebase:0x7ff72b1e0000
                                                                                                                                                                                                                                                      File size:19'396'338 bytes
                                                                                                                                                                                                                                                      MD5 hash:EB7E5E0BEDBCEC68E54C6F4CA1FD5934
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_DiscordTokenStealer_1, Description: Yara detected Discord Token Stealer, Source: C:\Users\user\AppData\Local\Temp\main.exe, Author: Joe Security
                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:4
                                                                                                                                                                                                                                                      Start time:10:01:46
                                                                                                                                                                                                                                                      Start date:04/03/2025
                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                      Commandline:"schtasks" /create /tn "Windows MicroSoft Smart" /sc ONLOGON /tr "C:\Users\user\AppData\Local\Temp\Windows MicroSoft Smart.exe" /rl HIGHEST /f
                                                                                                                                                                                                                                                      Imagebase:0x530000
                                                                                                                                                                                                                                                      File size:187'904 bytes
                                                                                                                                                                                                                                                      MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:5
                                                                                                                                                                                                                                                      Start time:10:01:46
                                                                                                                                                                                                                                                      Start date:04/03/2025
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                      Imagebase:0x7ff6684c0000
                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:6
                                                                                                                                                                                                                                                      Start time:10:01:46
                                                                                                                                                                                                                                                      Start date:04/03/2025
                                                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\main.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\main.exe"
                                                                                                                                                                                                                                                      Imagebase:0x7ff72b1e0000
                                                                                                                                                                                                                                                      File size:19'396'338 bytes
                                                                                                                                                                                                                                                      MD5 hash:EB7E5E0BEDBCEC68E54C6F4CA1FD5934
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:7
                                                                                                                                                                                                                                                      Start time:10:01:48
                                                                                                                                                                                                                                                      Start date:04/03/2025
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /c "ver"
                                                                                                                                                                                                                                                      Imagebase:0x7ff6fd780000
                                                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:8
                                                                                                                                                                                                                                                      Start time:10:01:48
                                                                                                                                                                                                                                                      Start date:04/03/2025
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                      Imagebase:0x7ff6684c0000
                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:11
                                                                                                                                                                                                                                                      Start time:10:01:54
                                                                                                                                                                                                                                                      Start date:04/03/2025
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /c "reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /f"
                                                                                                                                                                                                                                                      Imagebase:0x7ff6fd780000
                                                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:12
                                                                                                                                                                                                                                                      Start time:10:01:54
                                                                                                                                                                                                                                                      Start date:04/03/2025
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                      Imagebase:0x7ff6684c0000
                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:13
                                                                                                                                                                                                                                                      Start time:10:01:54
                                                                                                                                                                                                                                                      Start date:04/03/2025
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\reg.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /f
                                                                                                                                                                                                                                                      Imagebase:0x7ff6a4e90000
                                                                                                                                                                                                                                                      File size:77'312 bytes
                                                                                                                                                                                                                                                      MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:14
                                                                                                                                                                                                                                                      Start time:10:01:54
                                                                                                                                                                                                                                                      Start date:04/03/2025
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /t REG_SZ /d C:\Users\user\AppData\Roaming\empyrean\run.bat /f"
                                                                                                                                                                                                                                                      Imagebase:0x7ff6fd780000
                                                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:15
                                                                                                                                                                                                                                                      Start time:10:01:54
                                                                                                                                                                                                                                                      Start date:04/03/2025
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                      Imagebase:0x7ff6684c0000
                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:16
                                                                                                                                                                                                                                                      Start time:10:01:54
                                                                                                                                                                                                                                                      Start date:04/03/2025
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\reg.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /t REG_SZ /d C:\Users\user\AppData\Roaming\empyrean\run.bat /f
                                                                                                                                                                                                                                                      Imagebase:0x7ff6a4e90000
                                                                                                                                                                                                                                                      File size:77'312 bytes
                                                                                                                                                                                                                                                      MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:17
                                                                                                                                                                                                                                                      Start time:10:01:55
                                                                                                                                                                                                                                                      Start date:04/03/2025
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
                                                                                                                                                                                                                                                      Imagebase:0x7ff6fd780000
                                                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:18
                                                                                                                                                                                                                                                      Start time:10:01:55
                                                                                                                                                                                                                                                      Start date:04/03/2025
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                      Imagebase:0x7ff6684c0000
                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:19
                                                                                                                                                                                                                                                      Start time:10:01:56
                                                                                                                                                                                                                                                      Start date:04/03/2025
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
                                                                                                                                                                                                                                                      Imagebase:0x7ff703430000
                                                                                                                                                                                                                                                      File size:576'000 bytes
                                                                                                                                                                                                                                                      MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:21
                                                                                                                                                                                                                                                      Start time:10:01:57
                                                                                                                                                                                                                                                      Start date:04/03/2025
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
                                                                                                                                                                                                                                                      Imagebase:0x7ff6fd780000
                                                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:22
                                                                                                                                                                                                                                                      Start time:10:01:57
                                                                                                                                                                                                                                                      Start date:04/03/2025
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                      Imagebase:0x7ff6684c0000
                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:23
                                                                                                                                                                                                                                                      Start time:10:01:57
                                                                                                                                                                                                                                                      Start date:04/03/2025
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
                                                                                                                                                                                                                                                      Imagebase:0x7ff703430000
                                                                                                                                                                                                                                                      File size:576'000 bytes
                                                                                                                                                                                                                                                      MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:27
                                                                                                                                                                                                                                                      Start time:10:01:58
                                                                                                                                                                                                                                                      Start date:04/03/2025
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
                                                                                                                                                                                                                                                      Imagebase:0x7ff6fd780000
                                                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:28
                                                                                                                                                                                                                                                      Start time:10:01:59
                                                                                                                                                                                                                                                      Start date:04/03/2025
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                      Imagebase:0x7ff6684c0000
                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:10:01:59
Start date:04/03/2025
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
Imagebase:0x7ff703430000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

No disassembly